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.INFRASTRUCTURE  LOG 

_DAY  82:  There  are  so  many  risks  out  there.  So  many  things 
that  can  happen  to  our  business:  natural  disasters,  spikes 
in  traffic,  mergers.  How  do  we  prepare?  One  in  three 
companies  don’t  recover  from  unplanned  downtime.1  Would  we? 

_Gil  has  wrapped  everything  in  the  office  with  bubble  wrap. 
Everything.  Just  to  be  safe. 

_DAY  83:  Im  preparing  with  IBM  Business  Resilience  Solutions. 
IBM  Business  Continuity  Services  can  help  us  assess  our  risks 
and  design  a  proactive  plan  to  deal  with  them.  IBM  Tivoli  gives  us 
the  visibility  to  diagnose  and  fix  infrastructure  problems. 

And  the  robust  availability  features  of  the  IBM  System  p™  give 
us  maximum  uptime.  The  future  feels  so  much  safer  now. 

_No  more  bubble  wrap.  And  I  have  to  mail  a  package.  Great. 


Take  the  business  continuity  assessment  at: 

IBM.COM/TAKEBACKCONTROL/READY 
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>MEET  STORM, THE  LARGEST 
BOTNET  TROJAN  IN  HISTORY 
>WE  DISSECTED  IT,  THEN  WE 
DESTROYED  IT 


>WE  LOVE  IT  WHEN  IT  GETS 
COMPLICATED 


> CONVERGED  THREATS  ARE  ALWAYS  EVOLVING 
NEW  WAYS  TO  GO  UNDETECTED 

>OUR  UNIQUE  SKEPTIC  TECHNOLOGY  TRACKS  EVERY 
SUSPICIOUS  LINK  IN  EVERY  EMAIL  &  THEN  SWEEPS 
THE  WEBSITES  FOR  MALICIOUS  CODE  » 

>VISIT  MESSAGELABS.COM/THREATS  FOR  ^  * 
A  FREE  TRIAL  f 
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■  EDITOR’S  NOTE 

Don  Tennant 


WHEN  WE  REPORTED  online  last  week 

that  former  CA  CEO  Sanjay  Kumar  had 
made  the  final  payment  on  the  $52  million 
in  restitution  he  owed  after  pleading  guilty 
to  accounting  fraud  charges,  some  readers  took  the  opportu¬ 
nity  to  express  their  disdain  for  Kumar  and  for  what  he  had 
done  that  landed  him  in  prison. 


“They  should  leave  him 
in  there,  where  he  be¬ 
longs,  but  transfer  him  to 
a  real  prison,”  wrote  one 
reader,  referring  to  the 
fact  that  Kumar’s  lawyers 
are  seeking  to  reduce  his 
sentence  at  a  minimum 
security  facility  in  New 
Jersey.  “This  would  be 
justice  for  the  reign  of 
terror  he  employed  while 
at  CA.” 

For  the  life  of  me,  I  can’t 
figure  out  how  the  history 
of  what  really  happened 
at  CA  has  become  so  dis¬ 
torted.  Reign  of  terror? 

You  bet  there  was  a  reign 
of  terror  at  that  company. 
But  it  was  hardly  propa¬ 
gated  by  Kumar.  Another 
reader  who  commented  on 
the  same  story  accurately 
identified  the  true  culprit 
as  CA  founder  Charles 
Wang.  Yet  this  reader  was 
equally  misinformed. 

“Sanjay  fell  into  [the] 
wrong  company,”  the  read¬ 
er  wrote.  Kumar  “actually 
was  good  for  Computer 
Associates,  smoothing 
over  bad  relations  with 
customers,  eliminating 
many  of  the  problems  [in¬ 


herited]  from  his  father- 
in-law.  Shame  of  it  is  that 
his  father-in-law  (Slick 
Charlie)  didn’t  join  him 
behind  bars.” 

This  isn’t  the  first  time 
I  have  heard  from  a  reader 
who  thought  that  Kumar 
is  Wang’s  son-in-law,  or 
have  seen  a  reference  to 
that  effect  elsewhere.  I 
don’t  know  how  that  myth 
originated,  but  it’s  not  true. 
Kumar’s  wife,  Sylvia,  is  not 
related  to  Wang. 

I  couldn’t  agree  more 
that  it’s  a  shame  Wang  isn’t 
behind  bars.  But  I  wonder 
why  this  reader,  who  iden¬ 
tified  himself  as  a  former 
CA  employee  through  an 
acquisition,  bought  into  a 
myth  that  is  so  easily  de¬ 
bunked. 

Most  of  the  former 
CA  employees  who  have 
written  to  me  agree  that 

M  You  bet  there 
was  a  reiqn  of 
terror  at  CA. 

But  it  was  hardly 
propagated  by 
sanjay  Kumar. 


Kumar  was  thrown  under 
the  bus. 

“Charles  and  his  brother 
Anthony  found  a  sucker, 
put  him  in  the  right  place, 
and  left  him  hanging  in  the 
breeze,”  wrote  one. 

“Charles  and  his  inner 
circle  were  evil,”  claimed 
another.  “Sanjay  was  truly 
the  fall  guy.” 

To  the  extent  that  Ku¬ 
mar  made  mistakes  — 
and  he  did  —  justice  was 
served  when  he  walked 
into  that  prison  compound 
last  August.  But  as  I  wrote 
in  a  column  in  April  2006 
after  Kumar  pleaded  guilty 
to  the  charges,  decent 
people  do  stupid  things. 

“It  would  be  tragic  if  the 
miracle  Kumar  worked 
at  CA  —  transforming  it 
from  the  most  intensely 
feared  and  loathed  soft¬ 
ware  company  on  the 
planet  to  a  respected  and 
valued  business  partner 
—  is  forgotten  because  of 
all  this,”  I  wrote.  “Vilifica¬ 
tion,  in  Kumar’s  case,  is 
unwarranted.” 

That  column  elicited  a 
heartfelt  response  from  an 
employee  who  worked  for 


Kumar  for  years  at  CA. 

“I  don’t  know  what  hap¬ 
pened,  maybe  it  was  just 
getting  caught  up  in  the 
technology  boom  at  the 
time,”  she  wrote.  “But  all 
in  all,  he  is  the  most  decent 
human  being  I  have  [ever 
had]  the  honor  and  privi¬ 
lege  of  knowing  and  work¬ 
ing  for.  He  doesn’t  deserve 
this  at  all.” 

The  same  employee 
e-mailed  me  last  August, 
eight  days  after  Kumar 
entered  prison.  She  was 
responding  to  the  “Dear 
Charles”  column  I  had 
written,  in  which  I  used  a 
baseball  doping  metaphor 
in  addressing  Wang.  I  said 
that  he’s  the  one  who  shot 
the  illegal  performance¬ 
enhancing  drugs  into  CA. 

She  noted  that  she 
and  a  co-worker  had  had 
breakfast  with  Kumar  two 
weeks  earlier  to  say  good¬ 
bye.  “He  is  such  an  amaz¬ 
ing  man.  Very  positive, 
stoic,”  she  wrote. 

“I  can’t  believe  you  had 
the  guts  to  write  the  truth 
about  [Charles  Wang]  and 
CA,”  she  added.  “It  needed 
to  be  told  and  come  out.” 

It  took  no  guts  at  all. 
What  takes  guts  is  own¬ 
ing  up  to  your  mistakes 
and  paying  for  them. 

Food  for  thought  for  those 
in  power  when  terror 
reigned.  ■ 

Don  Tennant  is  editorial 
director  of  Computerworld 
and  InfoWorld.  Contact 
him  at  don_tennant@ 
computerworld.com,  and 
visit  his  blog  at  http:// 
blogs.computerworld. 
com/tennant. 


4  COMPUTERWORLD  JANUARY  21,  2008 


▼ 


■  ONLINE  CHATTER 


RESPONSE  TO: 

E-discovery  Rules  Still 
Causing  Headaches 

Jan.  7, 2008 

This  article  perpetuates  a  couple 
of  myths  about  the  “new”  federal 
rules  and  what  IT  professionals 
should  do  to  deal  with  discovery 
in  litigation. 

First,  it  is  information  content, 
not  media  type  or  “format,”  that 
controls.  Discovery  has  always  been 
about  finding  retained  information, 
not  data.  Hence  the  creation  of  the 
category  of  electronically  stored 
information  to  supplement  “docu¬ 
ments”  and  “physical  things”  as 
discoverable  evidence.  Further,  the 
rules  do  not  mandate  that  informa¬ 
tion  be  produced  in  native  file  for¬ 
mat.  They  require  any  format  con¬ 
version  be  to  a  “reasonably  usable 
form”  to  prevent  abuses  that  began 
in  the  mid-’90s.  Abuses  like  spend¬ 
ing  millions  to  print  e-mail,  move  it 
off-site,  scan  the  paper  to  TIFF  and 
then  OCR  the  TIFF  to  get  machine- 
readable  text,  when  that’s  what  you 
had  to  start  with.  Thus,  the  rules 
are  very  far-reaching  and  designed 
to  accommodate  new  technology. 

Moreover,  professional  records 


EMC  to  Replace  Some  Disks 
With  Solid-State  Drives 

This  quarter  EMC  will  ship  a  line  of  solid- 
state  drives  with  flash  memory  as  an  option 
to  replace  some  disk  drives  in  the  company’s 
high-end  Symmetrix  storage  arrays. 


First  Look:  On  Cloud  9 
With  Apple’s  MacBook  Air 

Computerworld’ s  Ryan  Faas  calls  the  new 
subnotebook  “truly  innovative”  but  says  cur¬ 
rent  Mac  users  will  have  to  change  the  way 
they  work  to  get  the  most  out  the  slim-line 
laptop.  FireWire  and  Ethernet  ports  are  no 
longer  included,  for  instance. 


managers  have  known  for  decades 
that  it  is  content  that  controls  reten¬ 
tion.  Put  another  way,  it  is  the  sub¬ 
ject  matter  of  the  information  in  the 
e-mail  that  determines  its  retention 
value,  not  the  fact  it  was  created  or 
stored  in  an  e-mail  system.  In  my 
experience,  IT  fails  to  talk  to  rec¬ 
ords  managers,  the  perceived  “pa¬ 
per  pushers,”  who  have  content  and 
retention  categories  for  everything 
important.  The  rules  don’t  change 
this  paradigm,  except  to  create  the 
one  “supernumerary”  content  class 
—  the  “litigation  hold”  class. 

If  your  records  manager  or  busi¬ 
nessperson  printed  an  e-mail  and 
was  required  to  hold  the  printed 
version  for  seven  years,  the  same 
rule  applies  to  the  e-mail  in  digital 
storage.  Forget  about  90-day  purge 
rules,  or  you  will  live  a  perilous  life. 

Last,  tape  backup  for  disaster  re¬ 
covery  is  not  archiving.  If  you  aren’t 
archiving  to  tiered  storage,  plan  to 
start  as  soon  as  possible.  Leave  the 
tapes  to  DR  and  bring  them  out  only 
in  the  event  everything  else  fails. 

■  Submitted  by:  William  Kellermann 


JOIN  THE  CHATTER!  You,  too,  can 
comment  directly  on  our  stories, 

at  computerworld.com. 


How  the  Spectrum  Auction 
Could  Change  Your  Life 

This  week’s  auction  of  large  chunks  of  wire¬ 
less  spectrum  could  lead  to  healthier  compe¬ 
tition  and  more  devices,  some  analysts  say. 


Could  Postballot 
Audits  Renew  Faith 
In  Elections? 

Supporters  of  e-voting  reform 
say  the  time  is  now  to  mandate 
random  counts  after  elections, 


Opinion:  At  the  Airport, 

An  ID  Theft  Takes  Flight 

Like  to  people-watch  at  the  airport?  Jon 
Espenschied  does  -  and  he  spotted  a  well- 
dressed  woman  Dumpster-diving.  She  may 
have  been  looking  for  your  personal  data. 
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SOFTWARE 

BEA,  Oracle  Users 
Fear  Price  Hikes, 
Product  Line  Cuts 


ORACLE  CORP.’S  agree¬ 
ment  to  buy  BEA  Sys¬ 
tems  Inc.  for  $8.5  bil¬ 
lion  prompted  users  of  both 
firms’  products  to  express 
fears  of  price  increases  and 
product  consolidation. 

The  BEA  board  agreed 
to  the  deal  last  week,  three 
months  after  it  had  spurned 
Oracle’s  earlier  $6.7  billion 
bid  for  the  middleware 
vendor. 

Bure  Oral,  a  senior  archi¬ 
tect  at  government  contrac¬ 
tor  CellExchange  Inc.  in 
Cambridge,  Mass.,  said  that 
on  the  positive  side,  the  deal 
will  make  it  possible  for 
users  to  buy  databases  and 
application  servers  from  a 
single  vendor.  On  the  other 
hand,  Oral  anticipates  that 
it  will  cause  some  confusion 
for  BEA  users  because  of 
technology  overlap. 

Oral  said  that  he  expects 
that  the  deal  will  likely 
mean  the  death  of  some 
products  —  “a  little  from 
Oracle  and  a  lot  from  BEA.” 

He  added  that  Oracle 
would  be  well  served  to 
retain  BEA’s  WebLogic  ap¬ 
plication  server.  “[BEAl  had 
[WebLogic]  many  years  be¬ 


fore  Oracle  was  out  there,” 
Oral  said.  “BEA  has  always 
been  very  friendly  to  the 
user  community  with  down¬ 
loads  and  documentation. 
Oracle  doesn’t  have  this 
wide  acceptance  from  the 
user  community.” 

Jim  Burgard,  assistant 
vice  chancellor  of  university 
computing  and  communi¬ 
cation  at  the  University  of 
New  Orleans,  said  that  he 
has  “some  concerns  about 
future  licensing  and  mainte- 


of  the 

University  of  New  Orleans 
has  “some  concerns”  that  the 
deal  will  lead  to  higher  prices 
for  Oracle  and  BEA  products. 
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THE  WEEK  AHEAD 

MONDAY:  General  sessions  begin  at  Lotusphere  2008, 
IBM’s  conference  for  Lotus  users,  in  Orlando. 

TUESDAY:  Apple  plans  to  report  its  first-quarter  financial  re¬ 
sults.  Other  vendors  due  to  release  earnings  reports  this  week 
include  Sun  Microsystems  and  Sybase,  both  on  Thursday. 

SATURDAY:  The  group  Computer  Professionals  for  Social 
Responsibility  holds  a  one-day  conference  on  technology 
use  in  wartime,  at  Stanford  Law  School  in  Palo  Alto,  Calif. 
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Kumar  Pays 


Jailed  former  CA  Inc.  CEO 
Sanjay  Kumar  (above)  has 
made  the  final  $2  million 
restitution  payment  he 
owed  for  his  involvement 
in  a  $2.2  billion  accounting 
scandal  at  the  vendor,  his 
attorney  said  last  week. 

Kumar  was  under  a  court 
order  to  repay  $52  million  to 
victims  of  the  fraud. 

He  is  jailed  at  the  Federal 
Correctional  Institution  in 
Fairton,  N.J.,  and  is  sched¬ 
uled  to  be  released  in  2018, 
according  to  the  Bureau  of 
Prisons.  Kumar  has  appealed 
the  sentence,  said  his  lawyer, 
Lawrence  McMichael. 

“He’s  holding  up  just 
fine  and  doing  the  best  he 
can  while  taking  courses 
and  doing  a  few  jobs,"  Mc¬ 
Michael  said. 

Kumar  reported  to  prison 
in  August,  after  pleading 
guilty  to  fraud  and  obstruc¬ 
tion  of  justice  charges.  His 
guilty  plea  cut  the  restitution 
order  from  $1.02  billion  to 
$52  million. 

-MATT  HAMBLEN 


nance  costs,  now  that  all  the 
components  are  owned  by 
one  vendor.” 

Mike  Gilpin,  an  analyst 
at  Forrester  Research  Inc., 
said  that  Burgard’s  fears  are 
not  unfounded,  and  he  sug¬ 
gested  that  support  costs 
for  BEA  products  could 
grow  after  the  deal  closes. 
And  if  BEA  users  move 
to  Oracle’s  technology,  he 
added,  they  will  have  to  pay 
for  migration. 

Gilpin  also  noted  that  “it’s 
not  in  Oracle’s  interest  to 
aggravate  these  customers. 
In  many  cases,  they  are  al¬ 
ready  Oracle  customers.” 

Todd  Langille,  project 
manager  of  administrative 
computing  at  Dartmouth 
College  in  Hanover,  N.H., 
said  he  wonders  whether 
Oracle  has  a  “clear,  coher¬ 
ent  strategy”  for  its  growing 
software  portfolio. 

Patricia  Dues,  enterprise 
program  manager  for  the 
city  of  Las  Vegas,  said  she 
hopes  that  Oracle  can  use 
BEA’s  technology  to  upgrade 
its  own  offerings,  such  as 
Oracle  Business  Intelligence 
Enterprise  Edition,  which 
the  city  recently  purchased. 

“We  realize  what  Oracle 
has  done  with  other  acquisi¬ 
tions  in  taking  the  best  of 
both  worlds.  This  sparks 
our  interest,”  said  Dues. 

The  deal  is  expected  to 
close  in  October. 

—  Brian  Fonseca  and 
Heather  Havenstein 


INFRASTRUCTURE  LOG 


.DAY  79:  Our  IT  environment  is  rigid  and  inflexible. 

We  can’t  adapt  to  our  changing  business  needs.  Oh  no.. 
I  was  afraid  of  this.  We’re  so  rigid,  we’re  stuck  in  time. 

_Infrastructurus  prehistoricus.  I’ve  read  about  this. 

.DAY  80:  I’m  taking  back  control  with  IBM  SOA  solutions 
Now  we  have  the  hardware,  software  and  services 
we  need  to  respond  to  change.  IT  strategy,  planning  and 
implementation  are  in  tune  with  our  specific  business 
needs.  We’re  deploying  and  updating  business  processes 
faster  and  more  efficiently.  We’re  evolving! 

.Good-bye,  rigid  past.  Hello,  flexible  future. 
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SECURITY 

MySpace,  States  Sign 
Kids  Online  Safety  Pact 


MYSPACE  INC.  and  49 
state  attorneys  gen¬ 
eral  last  week  cul¬ 
minated  two  years  of  dis¬ 
cussions  by  agreeing  to  a 
new  set  of  principles  aimed 
at  stepping  up  online  safety 
on  MySpace  and  other  so¬ 
cial  networking  sites. 

As  part  of  the  agreement, 
MySpace  will  add  some 
60  new  features  intended 
to  protect  children  from 
online  predators,  the  attor¬ 
neys  general  and  MySpace 
officials  said  during  a  press 
conference  in  New  York. 

The  pact  also  calls  for 
MySpace  to  create  a  panel 
called  the  Internet  Safety 
Technical  Task  Force,  with 
representatives  from  other 


social  networking  sites,  se¬ 
curity  vendors  and  online 
safety  advocacy  groups. 

The  task  force  will  evalu¬ 
ate  and  develop  new  age- 
and  identity-verification 
tools  and  issue  findings  and 
recommendations  by  the 
end  of  this  year,  the  attor¬ 
neys  general  said. 

Roy  Cooper,  North 
Carolina’s  attorney  general 
and  co-chairman  of  the 
attorneys  general’s  task 
force  on  online  safety,  said 
that  thq  agreement  “should 
set  the  standard  for  social 
networking  sites  across  the 
globe  that  have  been  quick 
to  grow  but  slow  to  recog¬ 
nize  their  responsibility  for 
keeping  kids  safe.” 


OPEN  SOURCE 

IBM’s  Jazz  Edges 
Closer  to  Open  Source 


I8M  LAST  WEEK  opened  its 
Jazz.net  community  to  anyone 
who  wants  to  provide  feedback 
on  the  technology,  which  is  in¬ 
tended  to  improve  collaboration 
among  software  development 
teams. 

Carsy  Schwaber,  an  analyst 
at  Forrester  Research  Inc.  in 
Cambridge,  Mass.,  said  the 


move  marks  the  first  time  IBM 
has  committed  to  release  any 
part  of  Jazz  as  open  source. 

Opening  Jazz.net  “is  a  natural 
step  -  especially  if  they  want  to 
get  a  community  built  around 
this,”  she  said.  “That  is  what 
makes  or  breaks  an  open- 
source  project.” 

The  Jazz.net  community 
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Cooper’s  task  force  in¬ 
cludes  MySpace  and  of¬ 
ficials  from  49  states  and  the 
District  of  Columbia. 

Hemanshu  Nigam,  chief 
security  officer  at  MySpace 
and  Fox  Interactive  Media 
Inc.,  both  owned  by  New 
York-based  News  Corp., 
urged  other  social  net¬ 
working  sites  to  join  the 
partnership  with  the  attor¬ 
neys  general. 

Connecticut  Attorney 
General  Richard  Blu- 
menthal,  co-chairman  of 
the  task  force,  noted  that 
despite  the  accord,  there 
remains  an  ongoing  dis¬ 
agreement  about  whether 
it’s  possible  for  MySpace  to 
really  authenticate  the  age 
of  its  users. 

“There  was  a  difference 
in  perspective  between 
the  attorneys  general  and 
MySpace  on  the  feasibil¬ 
ity  of  new  technology  that 
would  authenticate  age 
and  identity,”  he  said.  “We 
are  not  papering  over  or 
concealing  our  continued 
differences.” 

Fears  that  the  MySpace 
plan  will  not  work  to  pro¬ 
tect  users  from  predators 
prompted  Texas  Attorney 
General  Greg  Abbot  to  de¬ 
cide  not  to  join  the  effort. 

—  Heather  Havenstein 


-  which  was  launched  in  June 

-  could  previously  be  accessed 
only  by  customers  and  academ¬ 
ics  invited  by  IBM.  The  site  will 
now  provide  all  comers  with  ac¬ 
cess  to  Jazz  code,  bug  lists  and 
other  details. 

Company  officials  acknowl¬ 
edged  that  IBM  still  owns  the 


Short 

Takes 

Sprint  Nextel  Corp.  an¬ 
nounced  plans  to  lay  off 
about  4,000  employees 
and  close  about  125  retail 
outlets  as  a  result  of  a  net 
loss  of  more  than  100,000 
customers  in  the  fourth 
quarter.  The  company 
said  the  moves  will  cut 
costs  by  $700  million  to 
$800  million  annually. 

Microsoft  Corp,  has 

hired  former  Walt  Disney 
Co.  IT  executive  Tony 
Scott  as  CIO.  Scott  re¬ 
places  Stuart  Scott,  who 
left  Microsoft  in  Novem¬ 
ber.  The  two  are  not  re¬ 
lated.  Tony  Scott  reports 
to  COO  Kevin  Turner. 

VMware  Inc.  has  agreed 
to  acquire  Thinstall,  a 
privately  held  application 
virtualization  software 
company.  VMware  said 
Thinstall’s  technology  will 
help  it  expand  its  desktop 
virtualization  capabilities. 

Cognos  Inc.  unveiled  the 
third  release  of  its  Cognos  8 
Bl  tools,  which  are  designed 
to  provide  more-targeted 
performance  management 
information  to  a  broader 
set  of  users.  A  day  earlier, 
the  Bl  vendor’s  sharehold¬ 
ers  had  approved  its  $5 
billion  acquisition  by  IBM. 


Jazz  source  code  and  agreed 
that  it’s  not  a  classic  open- 
source  project  like  Eclipse  -  yet. 

“[Jazz.net]  is  an  open  com¬ 
mercial  community  designed 
to  build  and  evolve  the  Jazz 
technology,"  said  Scott  Hebner, 
IBM  Rational’s  vice  president  of 
marketing  and  strategy. 

But  he  added  that  IBM  does 
plan  to  eventually  open  the 
Jazz  source  code  as  it  did  with 
Eclipse.  “The  ultimate  goal  is 
very  similar  to  Eclipse,”  he  said. 

-  HEATHER  HAVENSTEIN 


Innovations  by  InterSystems 


Embed  competitive  advantages. 


To  make  database  applications  more  valuable,  embed  InterSystems  Cache®  -  the  object  database 
that  runs  SQL  faster  than  relational  databases  -  and  enjoy  higher  speed  and  scalability  while 
lowering  hardware  and  administration  requirements.  Or,  for  applications  that  have  to  link  with 
multiple  systems  and  processes,  embed  InterSystems  Ensemble®.  Your  applications  will  become 
connectable,  and  you’ll  be  able  to  rapidly  enhance 
them  with  a  rich  Web  interface,  adaptable  work- 
flow,  rules-based  business  processes,  and  other 
new  features  -  without  rewriting. 


InterSystems  f 

CACHE 


InterSystems 


ENSEMBLE 


Make 5  3'  ■  * 
Applications 

More 

Valuable 

Download  a  tree,  fully  functional  copy  of  Cache,  or  see  a  demonstration  of  Ensemble,  at  InterSystems.com/FreeI4A 


©  2007  InterSystems  Corporation.  All  rights  reserved.  InterSystems  Cache  and  InterSystems  Ensemble  are  registered  trademarks  of’  InterSystems  Corporation.  9-07  EmbcdComboH  Co  Wo 
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BETWEEN  THE  LINES 


By  John  Klossner 
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DESKTOP  APPLICATIONS 

Open  XML  Changes  i 
Get  Put  Down  on 
Paper  -  Lots  of  It 


THE  STANDARDS  body  push 
ing  Microsoft  Corp.’s  Office 
Open  XML  document  for¬ 
mat  for  approval  as  an  ISO 
standard  published  a  2,300- 
page  document  last  week 
addressing  complaints  and 
suggestions  made  by  ISO 
members. 

Under  ISO  rules,  Ecma  In¬ 
ternational’s  full  document 
can  be  viewed  via  a  Web 
portal  only  by  members  of 
national  standards  bodies. 
But  Geneva-based  Ecma 
openly  posted  a  summary 
of  the  key  changes  made  to 
the  Open  XML  standards 
proposal,  which  failed  to 
win  enough  votes  in  initial 
balloting  last  September. 

The  changes  include  the 
sidelining  of  a  graphics¬ 
rendering  technology  used 
by  few  vendors  other  than 
Microsoft,  and  the  addition 
of  more  information  on  how 
Open  XML,  the  native  file 
format  in  Office  2007,  sup¬ 
ports  file  compatibility  with 
older  versions  of  Office. 

The  length  of  Ecma’s 
response  isn’t  surprising, 
since  ISO  members  submit¬ 
ted  3,522  written  comments 
about  Open  XML  in  the 
wake  of  the  September  vote. 
A  second  vote  is  scheduled 
for  late  next  month. 


Format  for  Office  Applica¬ 
tions,  or  ODF,  has  already 
been  ratified  as  a  standard 
by  ISO.  But  Burton  Group,  a 
consulting  firm  in  Midvale, 
Utah,  issued  a  report  last 
week  predicting  that  ODF 
will  have  only  “a  minor  role” 
in  IT  installations  compared 
with  Open  XML. 

Marino  Marcich,  execu¬ 
tive  director  of  the  Open- 
Document  Format  Alliance, 
retorted  that  many  users 
have  adopted  “a  buyer- 
beware  attitude”  toward 

I 

Open  XML  because  it  would 
“tie  them  to  the  upgrade 
path  of  a  single  vendor.” 

—  Eric  Lai  5 


Global 

Dispatches 

EC  Launches  New 
Probes  of  Microsoft 

BRUSSELS  -  The  European 
Commission  last  week  opened 
two  new  antitrust  investiga¬ 
tions  into  Microsoft  Corp.’s 
activities. 

The  first  case,  based  on  a 
complaint  from  the  Brussels- 
based  European  Committee  for 
Interoperable  Systems,  con¬ 
cerns  the  interoperability  of 
Windows  with  other  software. 

The  second  investigation, 
based  on  a  complaint  by  Op¬ 
era  Software  ASA  in  Oslo,  is 
looking  into  Microsoft’s  tactic 
of  bundling  software  with  its 
Windows  operating  system. 

Both  new  probes  build 
on  the  findings  of  the  EC’s 
2004  antitrust  ruling  against 


SAP  AG  and  Business  Ob¬ 
jects  SA  jointly  announced 
their  first  product  bundles 
as  part  of  SAP’s  planned 
acquisition  of  the  business 
intelligence  vendor. 

Gregory  Reyes,  former  CEO 

of  Brocade  Communica¬ 
tions  Systems  Inc.,  was 

sentenced  to  21  months  in 


LAST  WEEK 

prison  and  fined  $15  million 
for  his  role  in  a  stock- 
options  backdating  scheme. 

ONE  YEAR  AGO  The  TJX 

Companies  Inc.  disclosed 
a  massive  security  breach 
that  it  has  since  said  in¬ 
volved  the  theft  of  45.6  mil¬ 
lion  credit  and  debit  card 
numbers  from  its  systems. 


Microsoft,  which  the  vendor 
unsuccessfully  challenged.  In  a 
statement,  Microsoft  said  it  “is 
in  full  compliance  with  Euro¬ 
pean  law  and  our  obligations” 
under  the  antitrust  ruling. 

Paul  Meller, 

IDG  News  Service 


that  meets  the  requirements 
for  global  cost  efficiency  and 
for  flexible  capacity  growth.” 

Nokia  said  it  will  negotiate 
with  employee  representatives 
to  “reach  a  satisfactory  solu¬ 
tion”  for  everyone  involved. 
Grant  Gross, 

IDG  News  Service 


Nokia  Cuts  2,300 
German  Jobs 

ESPOO,  FINLAND  -  Mobile 
phone  maker  Nokia  Corp., 
based  here,  has  announced 
plans  to  lay  off  2,300  employ¬ 
ees  at  a  plant  in  Bochum,  Ger¬ 
many,  and  move  production  to 
lower-cost  European  sites. 

The  company  said  the 
Bochum  plant  will  close  by 
mid-2008. 

“Production  of  mobile  de¬ 
vices  in  Germany  is  no  longer 
feasible  for  Nokia,”  Veli  Sund- 
back,  executive  vice  president 
of  Nokia,  said  in  a  statement. 
“It  cannot  be  operated  in  a  way 


BRIEFLY  NOTED 


Microsoft  last  week  said  that  it 


has  provided  computer  training 
to  200,000  teachers  in  India, 
beating  its  goal  of  training 
80,000  Indian  teachers  during 
the  five-year  period  ending  in 
December  2008.  The  company 
launched  the  program,  called 
Project  Shiksha,  in  2003. 

John  Ribeiro, 


IDG  News 


Service 
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ormation  management  software  from  SAS. 

om/ostriches 


■-  ' 


THE  ‘HACKER 
SAFE’  SEAL: 


Critics  claim  that  Web  site 
vulnerability  scans  can  give 
companies  a  false  sense  of  security. 
But  users  say  that  the  scans  are  a 
valuable  part  of  their  online  defense 
strategies.  By  Jaikumar  Vijayan 


■  SECURITY 


ORE  THAN 
80,000  Web 
sites  world¬ 
wide  display 
a  small  green 
logo  that  proclaims  them 
to  be  “Hacker  Safe.”  The 
logo  is  provided  to  them 
by  ScanAlert  Inc.,  a  vendor 
that  scans  the  sites  of  its 
clients  daily  in  search  of 
security  vulnerabilities. 

ScanAlert’s  logo  is  the 
most  widely  used  security 
seal  of  its  kind  on  the  Web, 
and  it  can  be  found  on 
dozens  of  marquee-brand 
sites,  including  those  of 
Johnson  &  Johnson,  Sony 
and  Warner  Bros.  Such 
widespread  use  attracted 
the  attention  of  security 
vendor  McAfee  Inc.,  which 
in  late  October  agreed  to 
acquire  ScanAlert. 

But  Napa,  Calif. -based 
ScanAlert  was  put  on  the 
defensive  this  month  after 
online  technology  retailer 
Geeks.com  warned  an  un¬ 
disclosed  number  of  cus¬ 
tomers  that  their  personal 
and  credit  card  data  may 
have  been  compromised  in 
a  hacking  incident.  Geeks.- 
com,  whose  formal  name 
is  Genica  Corp.,  displays 
the  Hacker  Safe  logo  at  the 
bottom  of  its  home  page. 

A  ScanAlert  spokes¬ 
man  said  “preliminary 
evidence”  suggests  that 
the  breach  likely  occurred 
during  one  of  several  pe¬ 
riods  last  year  when  Scan¬ 
Alert  had  withdrawn  its 
certification  from  Geeks.- 
com  after  finding  vulner¬ 
abilities  on  the  Web  site. 

Even  so,  the  incident  at 
Geeks.com  has  rekindled 
a  debate  about  the  value  of 
security  seals  such  as  the 
Hacker  Safe  logo. 

ScanAlert  users  say  that 
the  scanning  service  can 
sniff  out  at  least  some  se¬ 
curity  problems  and  that 
the  logo  is  a  valuable  mar¬ 


keting  tool  for  them. 

On  the  other  hand, 
ScanAlert’s  detractors  say 
the  service  can  give  com¬ 
panies  and  their  online 
customers  a  false  sense  of 
security.  Indeed,  hacker 
groups  have  claimed  that 
they  have  targeted  and 
broken  into  numerous 
Web  sites  displaying  the 
Hacker  Safe  logo. 

“Hacker  Safe  seals  are 
completely  ludicrous,” 
said  David  Kennedy,  who 
heads  SecureState  LLC’s 
profiling  and  e-discovery 
practice.  SecureState  is  a 
consulting  firm  in  Cleve¬ 
land  that  offers  security 
risk  assessment  services 
and  does  manual  penetra¬ 
tion  testing  of  systems  and 
networks  for  its  clients. 

ScanAlert’s  automated 
probes  offer  a  “very  ba¬ 
sic  form  of  vulnerability 
identification,”  Kennedy 
claimed.  They  focus  more 
on  spotting  network  vul¬ 
nerabilities  than  on  detect¬ 
ing  harder-to-find  Web 
application  flaws,  such  as 
SQL  injection  and  cross¬ 
site  scripting  vulnerabili¬ 
ties,  he  said. 

“Web  applications 
are  very  dynamic  and 
ever-changing,”  whereas 
vulnerability  scans  rely 
on  static  information  to 
identify  security  issues, 
Kennedy  said.  He  noted 
that  after  being  asked  to 
do  security  assessments  by 
10  companies  with  Hacker 
Safe  logos  on  their  Web 
sites,  SecureState  was  able 
to  break  into  nine  of  the 
sites  and  easily  access  fi¬ 
nancial  and  customer  data. 

Adriel  Desautels,  chief 
technology  officer  at 
Netragard  LLC,  a  Mend- 
ham,  N.J.-based  company 
that  offers  manual  vulner¬ 
ability  testing  services, 
said  automated  scans  can 
Continued  on  page  14 
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3>.  10.0? 


What  does  it  take  to  provide  360°  communications 
in  a  24/7  business  world? 


Expectations  are  high  for  communication  systems  in  today’s  connected  world.  They  are  expected 
to  deliver  a  lower  cost  of  ownership  while  ensuring  that  people  are  available  and  have  the  tools 
necessary  to  collaborate.  NEC,  the  global  IT  and  networking  company,  delivers  mobility  and  unified 
communications  that  integrate  with  our  UNIVERGE®  IP  Telephony  platforms,  to  improve  business 
processes  and  customer  relationships  by  connecting  people  to  people  and  the  information  they 
need  anytime,  anywhere.  NEC  Empowering  you  through  innovation. 

—  www.necus.com/necip 


IT  SERVICES  AND  SOFTWARE  ENTERPRISE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS  IMAGING  AND  DISPLAYS 


NEC  is  proud  to  have  the  No.  1  worldwide  ranking  in  enterprise  telephony  extension  line 
shipments  in  2006,  for  the  second  year  in  a  row,  according  to  Gartner* 

'Market  Share:  Enterprise  Telephony  Equipment  Worldwide,  2006;  Megan  Fernandez  &  Isabel 
Montero.  July,  2007  ©NEC  Corporation  2007.  NEC  and  the  NEC  logo  are  registered  trademarks 
of  NEC  Corporation.  Empowered  by  Innovation  is  a  trademark  of  NEC  Corporation. 


Empowered  by  Innovation 


I  SECURITY 


VIEWPOINTS 

’Z'/t. •  .v  /■*  . 

We  had  a  ma- 

The  technical 
side  of  me 
says  there  is  limited 
use  here  from  a 
security  perspec¬ 
tive.  The  marketing 
guy  in  me  says 
it’s  a  no-brainer. 

BILL  CRONIN,  MANAGER 

OF  E-COMMERCE  AT  THE 

VERMONT  TEDDY  BEAR  CO., 

A SCANALERT USER 

jor  financial 
institution  customer 
that  had  passed  an 
automated  vulnera¬ 
bility  scan.  But  then 
we  came  in  and  by 
the  end  of  the  third 
day,  [we]  had  pen¬ 
etrated  17  of  their 
internal  systems. 

CTO,  NETRAGARD  LLC 

_ A 

Continued  from  page  12 
be  useful  in  ensuring  that 
a  Web  site  is  protected 
against  known  security 
flaws.  “They  make  sure  that 
network  security  is  not  a 
complete  disaster,”  he  said. 

But  automated  scans  don’t 
work  as  well  with  custom¬ 
ized  Web  applications  and 
e-commerce  environments, 
Desautels  contended. 

In  addition,  they  do  next 
to  nothing  to  test  Web  sites 
against  less  commonly 
known  vulnerabilities,  he 
said,  adding  that  those  are 
the  flaws  most  likely  to 
be  exploited  by  black-hat 
hackers. 

“We  had  a  major  financial 
institution  customer  that 
had  passed  an  automated 
vulnerability  scan  and  in¬ 
trusion  testing,”  Desautels 
said.  “Everything  appeared 
to  be  working,  but  then  we 
came  in  and  by  the  end  of 
the  third  day,  [we]  had  pen¬ 
etrated  17  of  their  internal 
systems.” 

Tim  Dowling,  vice  presi¬ 
dent  of  consumer  growth 
initiatives  at  McAfee’s  Web 
security  group,  said  it’s  un¬ 
reasonable  and  naive  to  ex¬ 
pect  any  IT  security  service 
to  provide  100%  protection 
against  online  threats. 

“Hacker  Safe  is  not  per¬ 
fect,”  Dowling  acknowl¬ 
edged.  But  he  said  that 
ScanAlert’s  service  does 
help  users  defend  their  Web 
sites  against  “thousands  and 
thousands”  of  threats.  And 
sites  that  sport  the  seal  are 
far  more  readily  trusted  by 
consumers  than  those  that 
don’t,  he  claimed  —  a  con¬ 
tention  that  was  backed  up 
by  several  ScanAlert  users. 

According  to  Dowling,  a 
full  90%  of  the  scans  that 
ScanAlert  performs  on  a 
daily  basis  are  automated. 
But  in  cases  where  sites 
fail  the  vulnerability  scans, 
the  vendor  may  do  manual 


penetration  testing  to  help 
its  clients  understand  and 
correct  security  problems, 
he  said. 

And  contrary  to  the 
claims  of  Kennedy  and  De¬ 
sautels,  ScanAlert  does  look 
for  problems  such  as  SQL  in¬ 
jection  and  cross-site  script¬ 
ing  flaws,  Dowling  added. 

He  noted  that  the  date- 
stamped  Hacker  Safe  seal 
is  served  and  controlled 
entirely  by  ScanAlert  and  is 
withdrawn  any  time  a  Web 
site  fails  to  pass  the  daily 
vulnerability  scan.  Since 
new  vulnerabilities  arise 
frequently,  Dowling  said,  it 
isn’t  uncommon  for  sites  to 
lose  and  regain  their  Hacker 
Safe  status,  as  Geeks.com 
did  last  June  and  December. 

The  Hacker  Safe  service 
should  be  just  one  part  of 
a  multilayered  security 
strategy,  said  Jay  Greenberg, 
director  of  e-commerce  at 
Spencer  Gifts  LLC,  a  novelty 
gifts  retailer  in  Egg  Harbor 
Township,  N.J. 

“This  is  one  additional 
tool  that  you  can  utilize 
to  help  secure  your  site,” 
Greenberg  said,  adding  that 
IT  and  Web  site  managers 
also  “have  to  be  smart  and 
diligent  about  making  sure 
your  developers  are  moni¬ 
toring  and  checking”  for 
security  flaws  as  well. 

In  addition  to  helping 
secure  Web  sites  at  the  back 


end,  ScanAlert’s  service  can 
boost  sales  by  making  con¬ 
sumers  “feel  comfortable” 
about  doing  business  on  a 
site,  Greenberg  said. 

Before  joining  Spencer 
Gifts,  he  worked  for  another 
company  that  was  a  Scan¬ 
Alert  client.  Greenberg  said 
that  to  test  how  useful  the 
Hacker  Safe  logo  was  from 
a  marketing  standpoint,  the 
company  —  which  he  de¬ 
clined  to  identify  —  asked 
ScanAlert  to  make  the  seal 
visible  to  only  about  half  of 
the  visitors  to  its  Web  site. 
The  test  showed  that  more 
of  the  people  who  could  see 
the  logo  bought  products, 
he  said. 

NO  GUARANTEE 

Jay  Cline,  president  of  Min¬ 
nesota  Privacy  Consultants 
and  former  chief  privacy 
officer  at  hospitality  indus¬ 
try  conglomerate  Carlson 
Companies  Inc.,  has  been 
a  ScanAlert  customer  for 
about  a  year.  Using  the 
Hacker  Safe  service  cer¬ 
tainly  doesn’t  guarantee  that 
hackers  will  never  be  able  to 
break  into  a  Web  site,  said 
Cline,  who  also  is  a  Comput- 
erworld  columnist. 

“What  I’m  buying  is  a  ser¬ 
vice  that  keeps  me  safe  from 
hackers  that  use  known 
vulnerabilities,”  Cline  said. 
“I’m  aware  that  there’s  still 
[other  risks]  that  I  need  to 


watch  out  for.” 

ScanAlert  has  helped 
identify  security  problems 
that  might  otherwise  have 
been  missed,  Cline  said.  For 
example,  during  the  initial 
sign-up  process,  a  scan 
pointed  him  toward  a  cross¬ 
site  scripting  vulnerability 
that  resulted  from  the  way 
his  site  was  being  hosted  by 
an  external  Web  site  devel¬ 
oper. 

A  logo  proclaiming  that 
a  site  is  safe  from  hackers 
could  sometimes  be  seen 
as  an  open  invitation  for 
malicious  attackers  to  try 
to  crack  the  site,  Cline  ac¬ 
knowledged.  But  like  Green¬ 
berg,  he  said  that  the  Hacker 
Safe  seal  can  be  a  valuable 
tool  for  convincing  consum¬ 
ers  to  complete  transactions 
and  not  be  scared  away  by 
any  security  concerns. 

“If  you’re  looking  for  ROI, 
Hacker  Safe  on  balance 
gives  you  more  lift,”  Cline 
said. 

Bill  Cronin,  manager  of 
e-commerce  at  The  Ver¬ 
mont  Teddy  Bear  Co.  in 
Shelburne,  Vt.,  also  said  that 
he  has  been  able  to  justify 
the  cost  of  the  ScanAlert 
service  from  a  marketing 
standpoint. 

When  it  comes  to  actually 
boosting  the  security  of  a 
Web  site,  though,  the  ben¬ 
efits  are  somewhat  less  obvi¬ 
ous,  Cronin  said.  He  added 
that  ScanAlert  can  help 
users  identify  some  pretty 
obvious  flaws  that  most  IT 
departments  really  should 
be  finding  on  their  own  in 
the  first  place. 

“If  they’re  coming  up  with 
vulnerabilities  on  your  site, 
you  really  aren’t  doing  your 
job  as  a  security  administra¬ 
tor,”  Cronin  said.  “The  tech¬ 
nical  side  of  me  says  there 
is  limited  use  here  from  a 
security  perspective.  The 
marketing  guy  in  me  says 
it’s  a  no-brainer.”  ■ 
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IT  management  solutions  (including  Operations 
Manager  and  Systems  Management  Server) 
designed  to  help  you  manage  your  mission- 
critical  enterprise  systems  and  applications. 

Dell™  is  using  System  Center  solutions  to  manage 
13,000  servers  and  100,000  PCs  worldwide. 
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Users  Say  Sun 
Needs  to  Fix 
What’s  Broken 
At  MySQL 
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Sun’s  $1B  buy  will  give  it  an 
open-source  database  —  and 
some  unhappy  customers. 


By  Patrick  Thibodeau 


N  AGREEING  last 
week  to  pay  $1  billion 
for  MySQL  AB,  Sun 
Microsystems  Inc. 
said  it  hopes  to  make 
MySQL’s  open-source  data¬ 
base  more  attractive  to  enter¬ 
prise  customers.  But  Sun  has 
a  lot  of  work  to  do,  according 
to  some  MySQL  users. 

And  it  isn’t  just  techni¬ 
cal  fixes  that  are  needed, 
they  said.  Although  Sun 
described  MySQL  as  “an 
open-source  icon,”  it  also 
will  have  to  mend  fences 
with  users  who  are  unhappy 
about  the  database  vendor’s 
sales  tactics  and  complain 
that  it  has  ignored  their  de¬ 


velopment  suggestions. 

For  instance,  within  hours 
of  the  proposed  acquisition’s 
announcement,  Don  Mac- 
Askill,  CEO  of  SmugMug 
Inc.,  said  in  a  blog  posting 
that  he  is  “seriously  consid¬ 
ering”  not  renewing  the  on¬ 
line  photo-sharing  service’s 
MySQL  Enterprise  sup¬ 
port  contract.  “I  probably 
wouldn’t  pay  for  MySQL  as 
it  stands  today,”  he  wrote. 

In  an  interview,  Mac- 
Askill  said  MySQL  has  per¬ 
formance  problems  when 
it’s  paired  with  InnoDB,  the 
most  widely  used  storage 
engine  for  the  database.  In 
particular,  the  problems  af¬ 


fect  systems  with  multicore 
processors.  “That’s  turning 
out  to  be  a  pretty  major  seal- 
ability  roadblock  for  a  lot  of 
us,”  he  said. 

Google  Inc.  and  other 
MySQL  users  have  devel¬ 
oped  patches  to  fix  the  prob¬ 
lems.  But  MacAskill  said 
that  the  open-source  vendor 
has  yet  to  add  the  patches 
to  the  database,  despite  re¬ 
quests  that  it  do  so  from  him 
and  other  users. 

Zack  Urlocker,  MySQL’s 
executive  vice  president  of 
products,  said  it  has  applied 
two  patches  dealing  with  the 
performance  problems  —  one 
in  September  and  the  other 
this  month.  But  he  added 
that  he  didn’t  know  whether 
those  patches  addressed 
MacAskill’s  complaints. 

ADDITIONAL  CONCERNS 

There  are  plenty  of  other 
things  that  also  need  fixing 
in  MySQL,  according  to  a 
blog  posting  by  Jeremy  Cole, 
who  formerly  used  the  data¬ 
base  at  Yahoo  Inc.  and  is 
now  a  MySQL  consultant  at 
Proven  Scaling  LLC. 

“There  are  a  lot  of  areas 
where  MySQL  has  been 
lacking  for  a  long  time,  and 
the  power  users  have  been 
either  crying  in  their  beer  or 
doing  the  work  themselves,” 
Cole  wrote.  For  instance, 
he  cited  problems  with  the 
database’s  replication,  log¬ 
ging  and  internal  memory- 
allocation  features. 

In  addition,  Cole  criti¬ 
cized  MySQL’s  sales  and 
marketing  team  and  said 
that  the  company’s  develop¬ 
ment  model  for  MySQL 
Enterprise  is  “broken.” 

Jonathan  Schwartz,  Sun’s 
CEO  and  president,  said 
during  a  teleconference  that 
the  biggest  impediment  to 
MySQL’s  growth  has  been 
its  inability  “to  give  peace 
of  mind  to  a  global  company 
that  wants  to  put  MySQL 


into  mission-critical  deploy¬ 
ments.”  Schwartz  added 
that  the  open-source  data¬ 
base  will  benefit  from  Sun’s 
broader  enterprise  reach. 

Sun  already  distributes 
the  PostgreSQL  open-source 
database  on  its  Solaris- 
based  servers.  But  Schwartz 
described  the  purchase  of 
MySQL  as  “the  most  impor¬ 
tant  acquisition”  made  by 
the  company  thus  far. 

However,  the  deal  could 
complicate  Sun’s  relation¬ 
ship  with  Oracle  Corp.,  Sun’s 
largest  database  partner. 
MySQL  competes  directly 
with  Oracle  and  other  data¬ 
base  vendors.  Also,  Oracle 
owns  InnoDB,  having  bought 
its  developer  in  2005. 

“Now  that  [MySQL]  is 
going  to  be  supported  by  a 
major  vendor,  there’s  lots  of 
companies  that  are  going 
to  give  it  a  serious  look,” 
said  Robert  Lepanto,  Oracle 
applications  manager  at 
AppCentric  Solutions  LLC 
in  Stamford,  Conn.  “I  would 
think  that’s  a  serious  long¬ 
term  threat  to  Oracle.” 

Lepanto,  who  also  is  pres¬ 
ident  of  the  New  York  City 
Metro  Oracle  Applications 
Users  Group,  added  that  he’s 
surprised  Oracle  “didn’t  buy 
[MySQL]  first  to  squash  the 
competition.” 

Daniel  Grim,  executive 
director  of  networks  and 
systems  at  the  University 
of  Delaware  in  Newark,  has 
an  enterprisewide  Oracle 
license  but  also  sees  value  in 
the  open-source  databases. 

“We’ve  often  found 
Oracle  is  more  complex  and 
more  cumbersome  than 
things  like  PostgreSQL  and 
MySQL  are,”  Grim  said.  “So 
we  use  those  for  small  ap¬ 
plications,  although  some  of 
[the]  applications  are  quite 
large,  such  as  monitoring 
networking  traffic.”  ■ 

Brian  Fonseca  and  Eric  Lai 
contributed  to  this  story. 
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HOT  TRENDS  ■  NEW  PRODUCT  NEWS  ■  INDUSTRY  BUZZ  BY  MARK  HALL 


Sharks  Hungry  for  IT  Staff 

INFORMATION  TECHNOLOGY  execs  may  want  to  protect  their 
staffs  as  legal  sharks  begin  to  hunt  for  tech  talent.  For  the  past  15 
years,  AXS-One  Inc.  in  Rutherford,  N.J.,  has  been  selling  its  infor¬ 
mation-archiving  technology  to  IT  departments.  But,  says  Marie- 
Charlotte  Patterson,  vice  president  of  market  strategy,  something 
changed  last  year.  “We’re  just  as  likely  to  be  talking  to  a  room  full  of 
lawyers  and  giving  demonstrations  to  the  general  counsel,”  she  says. 


And  increasingly,  she  adds,  IT  staff¬ 
ers  are  being  hired  directly  by  the 
office  of  the  general  counsel.  Why 
are  lawyers  suddenly  becoming  IT 
kingpins?  Records  management,  Pat¬ 
terson  contends.  Highly  regulated 
businesses,  such  as  finance  and  in¬ 
surance,  or  those  prone  to  lawsuits, 
like  manufacturing,  see  records  man¬ 
agement  as  essential  to  mitigating 
risk  and  fighting  courtroom  battles. 
And  so  the  general  counsel’s  office 
wants  a  direct 
say  in  choosing 
the  company’s 
archiving  tools 
and  is  willing  to 
go  so  far  as  to 
hire  expertise  to 
specify  and  even 
run  the  soft¬ 
ware  for  them, 
she  says.  That’s 


certainly  true  in  Massachusetts, 
which  recommends  that  the  “general 
counsel,  CFO  or  higher  ranking  of¬ 
ficer”  become  the  records  czar  at  state 
agencies.  CIOs  need  not  apply. 

Middleware  Takes 
Self-service  Path 

Hubspan  Inc.  in  Seattle  offers  what 
Robert  Pease,  its  vice  president  of 
marketing,  calls  “cloud-based  mes¬ 
saging  between  partners.”  Essentially, 
Hubspan  provides  the  connectors  be¬ 
tween  applications  and  data  sources 
so  your  supply  chain  can  connect 
with  your  operations.  For  example, 
using  Hubspan,  your  product  buyers 
can  look  into  a  supplier’s  inventory  to 
see  what’s  on  hand,  cut  an  invoice  and 
watch  the  inventory  levels  adjust  ac¬ 
cordingly.  Cool.  But  even  better,  you 
don’t  have  to  handle  all  the  gunky 


Patterson: 
Lawyers  are 
becoming  IT 
kingpins. 


middleware  plumb¬ 
ing.  Leave  that  to 
Hubspan.  Later  this 
year,  Pease  says, 
the  company  will 
begin  to  experiment 
with  self-service.  Today,  Hubspan 
experts  need  to  work  with  you  to  map 
the  connections  between  your  apps 
and  those  you  want  to  connect  with. 
The  plan  is  to  eventually  let  you  do 
the  mapping  yourself.  Pease  argues 
that  the  9,000-plus  application-to- 
application  connections  Hubspan  has 
created  so  far  give  it  more  integration 
experience  than  your  staff  has,  while 
making  things  simple  enough  for  you 
to  do  the  work  yourself.  Self-service 
pricing  has  not  been  set. 


16.4% 

Growth  of 
middleware 
market  in  2006, 
says  Gartner. 


Plug  Wireless 
Security  Holes 

Let’s  face  it:  Every  new  technology 
added  to  your  network  is  another  vec¬ 
tor  for  security  problems.  Mike  Lloyd, 
chief  scientist  at  RedSeal  Systems  Inc. 
in  Redwood  City,  Calif.,  says  virtually 
all  the  tools  you’ve  given  end  users, 
such  as  e-mail,  the  Web  and  instant 
messaging,  “are  steppingstones  to 
your  network  that  attackers  use  to  get 
to  important  data.”  If  you  don’t  know 
where  the  vulnerabilities  in  those 
tools  lie,  your  critical  information  is 
at  risk,  he  suggests.  Last  week,  Red 
Seal  unveiled  its 
Security  Risk  Man¬ 
agement  (SRM)  2.1 
software  with  sup¬ 
port  for  wireless 
networks.  Lloyd 
says  that  Version 
2.1  “shows  a  map 
of  those  [wireless] 
steppingstones”  to 
your  critical  data. 
Even  if  you  encrypt  your  wireless 
communications,  he  says,  those  path¬ 
ways  from  wireless  access  points  to 
other  network  devices  are  available  to 
a  skilled  intruder.  The  next  attack  vec¬ 
tor  RedSeal  will,  um,  attack  is  virtual 
machine  software,  specifically  vulner¬ 
abilities  in  VMware  Inc.’s 
hypervisor.  Look  for  that 
later  this  year.  Subscription 
pricing  for  SRM  2.1  starts 
at  $1,000  per  month,  or  you 
can  pay  $25,000  for  a  per¬ 
petual  license.  ■ 


Lloyd:  Know 
what  paths 
attackers  can 
take  to  your  data. 
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Discover  and  discuss 
more  industry  action  at 
the  On  the  Mark  blog: 
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m  THE  GRILL 

Eben  Moglcn 

The  founder  of  the  Software 
Freedom  Law  Center  talks  about 
taking  on  Microsoft  and  Disney, 
managing  the  software  commons 
and  ‘copyleft  capitalism.’ 


Name:  Eben  Moglen 

Title:  Founder,  president  and 
executive  director 

Organization:  Software 
Freedom  Law  Center 

Location:  New  York 


Book  most  recently  read: 
History  of  the  Conquest  of 
Mexico,  by  W.H.  Prescott 

Favorite  film: 

Much  Ado  About  Nothing 

Favorite  food:  “I  cook  lots  of 
different  things.  In  my  kitchen, 
there’s  Chinese  food,  there’s  In¬ 
dian  food,  there’s  Italian  food.  ” 

Favorite  vacation  spot:  “My 
view  about  vacation  is  that  the 
great  luxury  is  getting  off  the 
Net.  I  have  to  have  a  week  or 
two  in  which  I  am  unattached.” 

What  he  collects:  “I  collect 
books  -  heaps  of  them.  And 
I  seem  to  be  a  collector  of 
computer  hardware,  but  that’s 
only  because  we  have  such  a 
crappy  recycling  structure." 

Favorite  music:  European 
and  Northern  Indian  classical 
music,  and  American  jazz 


What  do  you  see  as  the  biggest  danger  to 
open-source  software  today?  On  the  one 

hand,  there’s  still  a  locus  of  resistance. 
Microsoft  still  maintains  strongly  the 
view  that  its  business  model,  which 
depends  upon  concealing  source  code 
from  users,  is  a  viable  and  important 
and  indeed  necessary  model.  And  so 
as  long  as  a  company  that  sells  a  bil¬ 
lion  dollars  a  week  in  software  is  in 
that  sense  fundamentally  still  trying 
to  [fight]  the  free  way  of  doing  things, 
Microsoft  remains  a  very  dangerous 
party. 

But  Microsoft,  too,  has  now  funda¬ 
mentally  recognized  that  there  is  not 
another  generation  left  in  the  propri¬ 
etary  software  idea,  and  they  are  trying 
to  leverage  the  remaining  value  of  their 
monopoly  in  a  world  of  mixed  free  and 
unfree  code.  As  Microsoft  begins  to 
move  itself  away  from  being  the  prima¬ 
ry  partisan  of  unfreedom,  the  second 

Continued  on  page  20 
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How  much  time  can  you  save?  Get  the  IDC  white  paper  at  hp.com/go/sim7 
or  call  1-866-545-0297 


Alternative  Thinking  About  Server  Maintenance: 


MAKE  ROUTINE  MAINTENANCE 


Powerful 

Efficient 


The  HP  ProLiant  DL380  G5  Server  comes  complete  with  our  Systems 
Insight  Management  (SIM)  software.  HP  SIM  reduces  the  average  time 
I.T.  spends  on  server  administration1  by  31%  and  nearly  doubles  the 
number  of  servers  that  can  be  managed  per  administrator— saving 
time,  money  and  countless  headaches. 
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Technology  for  better  business  outcomes. 
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HP  ProLiant  DL380  G5 


$2249  (Save  $958) 


HP  StorageWorks  Ultrium 
448  Tape  Drive  SAS  Bundle2 


Lease  for  as  low  as  $56/mo3  for  48  months 
Check  hp.com  for  the  most  up-to-date  pricing 

Smart  (PN:  470064-511) 

•  Quad-Core  Intel®  Xeon®  Processor 


$1649 


2GB  PC2-5300  memory 


Lease  for  as  low  as  $41/mo3  for  48  months 
Smart  (PN;  AG739A) 

•  400GB  compressed  capacity  in  half-height 
form  factor 


■  Supports  small  form  factor,  high-performance 
SAS  or  low-cost  SATA  hard  drives 


■  Smart  Array  P400  controller 
>  Integrated  Lights-Out  (iL02),  Systems  Insight 
Manager,  SmartStart 


•  Ships  with  Data  Protector  Express  Software, 
One  Button  Disaster  Recovery,  a  1 U 
Rackmount  Kit,  and  a  Host  Bus  Adapter 


Get  More: 


Smart  24x7,  4  hour  response,  3  years 
(PN:  UE894E)  $689 


Smart  Add  1G8  additional  memory, 
(PN:  397409-S21)  $149 
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MOne  of  the 
things  that 
everybody 
now  understands  is 
that  you  can  treat 
software  as  a  renew¬ 
able  natural  resource 
-  like  forest  products 
or  fish  in  the  sea. 


Continued  from  page  18 
most  important  partisans  of  unfreedom 
are  the  owners  of  culture  —  the  Dis¬ 
ney  s  and  the  other  major  movie  stu¬ 
dios,  who  have  a  great  deal  of  image¬ 
making  authority  in  the  world  and  a 
great  deal  to  lose  from  the  obliteration 
of  their  distribution  mechanisms. 

Proprietary  software  companies  may  not 
want  to  hear  about  such  radical  ideas  that 
could  put  them  out  of  business.  How  do 
you  make  anybody  listen?  Possibly  the 
difficulty  you  are  having  is  too  quick  a 
diagnosis  about  what  businesses  need. 
The  fundamental  theory  that  I  believe 
has  to  do  with  the  benefits  of  what  I 


think  of  as  “copyleft  capitalism”  [the 
idea  of  making  a  program  or  other  piece 
of  work  freely  distributable,  as  opposed 
to  restricting  its  use  via  a  copyright]. 

The  primary  desire  that  businesses 
have  is  for  control  over  their  own 
destinies,  for  avoidance  of  autonomy 
bottlenecks  which  put  the  fate  of  their 
business  into  the  hands  of  someone 
else.  The  difficulty  that  they  experi¬ 
ence  —  that  they  call  vendor  lock-in, 
or  noninteroperability  —  is  a  dif¬ 
ficulty  which  is  really  a  businessman’s 
equivalent  of  [Free  Software  Founda¬ 
tion  President  Richard]  Stallman’s 
frustration  at  unfreedom.  They  are 
essentially  the  same  recognition:  In 
a  world  of  complex,  interdependent 
technology,  if  I  don’t  control  my  tech¬ 
nology,  it  will  control  me.  Stallman’s 
understanding  of  that  proposition  and 
Goldman  Sachs’  understanding  [for 
example]  needn’t  be  as  far  apart  as  one 
might  think.  The  desire  to  maintain 
autonomy  —  the  desire  to  avoid  con¬ 
trol  of  destiny  by  outside  parties  —  is 
as  fierce  in  both  cases  as  it  can  get. 

The  near  death  of  IBM  in  the  1980s 
gave  that  organization  a  clear  under¬ 
standing  of  how  to  avoid  having  its 
destiny  controlled  by  somebody  who 
made  software.  And  as  you  look  at  the 
ripples  of  this  idea  through  the  econo¬ 
my,  you  begin  to  understand  why  lots 
of  people  are  going  to  take  up  this  call. 

Each  [IT  vendor]  is  left  in  a  different 
place  because  they  are  different  entities. 
One  of  the  things  that  everybody  now 
understands  is  that  you  can  treat  soft¬ 
ware  as  a  renewable  natural  resource 
—  like  forest  products  or  fish  in  the  sea. 
If  you  build  community,  if  you  make 
broadly  accessible  the  ability  to  create, 
then  you  can  use  your  limited  resourc¬ 
es  not  on  the  creation  or  maintenance 
of  anything,  but  on  the  editing  of  that 
which  is  already  created  elsewhere. 

So  you’re  saying  that  open  source  is  basi¬ 
cally  changing  the  attitudes  of  traditional 
companies?  All  of  these  companies  are 
coming  to  depend  heavily  in  profit¬ 
making  business  on  nonprofit  supply 
chain  [the  open-source  software  they 
are  using].  They  are  each  discovering 
that  there  are  nonprofit  supply-chain 
elements  which  are  crucial  to  profit¬ 
making  success.  Now,  in  20th  century 
economic  organizations,  if  you  had 


discovered  at  General  Motors  that  30% 
of  the  value  of  each  of  your  cars  was 
coming  from  a  nonprofit  down  the 
street,  you’d  have  gone  and  bought  the 
nonprofit.  [But]  because  of  GPL  and 
the  copyleft,  a  large  portion  of  that 
nonprofit  supply  chain  is  unpurchase¬ 
able.  You  can’t  own  it.  It  was  designed 
to  be  a  commons. 

If  you’ve  become  dependent  on  a 
commons  for  whatever  role  in  your 
business,  then  what  you  need  is  com¬ 
mons  management.  You  don’t  strip- 
mine  the  forest;  you  don’t  fish  every  fish 
out  of  the  sea.  And,  in  particular,  you 
become  interested  in  conservation  and 
equality.  You  want  the  fish  to  remain 
in  the  sea,  and  you  don’t  want  anybody 
else  overfishing.  So  you  get  interested 
in  how  the  fisheries  are  protected. 

I  train  forest  rangers  to  work  in  a 
forest  that  some  people  love  because 
it’s  free  and  other  people  love  because 
it  produces  great  trees  cheaply.  But 
both  sides  want  the  forest  to  exist  pris¬ 
tine  and  undesecrated  by  greedy  be¬ 
havior  by  anybody  else.  Nobody  wants 
to  see  the  thing  burn  down  for  one 
group’s  profit.  Everybody  needs  it. 

So  whether  you  are  IBM,  which  has 
one  strategy  about  the  commoditiza¬ 
tion  of  software,  or  Hewlett-Packard, 
which  has  another  —  whatever  your 
particular  relationship  to  that  reality 
is  —  everybody’s  beginning  to  get  it. 

In  the  21st  century  economy,  it  isn’t 
factories  and  it  isn’t  people  that  make 
things.  It’s  communities. 

Is  Microsoft  and  its  occasional  patent 
threats  to  Linux  something  that  keeps  you 
awake  at  night?  I  have  spent  more  time 
studying  that  problem  than  Microsoft 
has  spent  creating  that  problem.  It 
doesn’t  keep  me  awake  at  night,  but  it 
keeps  me  at  work  during  the  day.  If  in 
the  process  of  irreversible  change,  Mi¬ 
crosoft  launches  its  missiles  —  which 
other  dying  empires,  like  the  Soviet 
Union,  have  managed  not  to  do  —  we 
will  protect  our  clients.  If  they  die 
without  launching  their  missiles,  it 
will  be  better  for  everyone. 

Do  you  personally  use  much  proprietary 
software  today?  No,  none.  I  have  never 
been  a  Windows  user.  I  have  never 
used  the  Macintosh  OS. 

—  Interview  by  Todd  R.  Weiss 
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When  Lexus  needed  to  expand,  they  sought  the  same  impeccable  standards  they  developed 
in  Japan.  They  found  it  here,  in  Ontario.  Ontario  fulfilled  all  of  Lexus’  prerequisites:  our 
location  in  the  heart  of  North  America  and  transportation  infrastructure  linking  us  to 
millions  of  customers;  our  skilled  workforce  and  tradition  of  automotive  innovation;  and 
our  competitive  business  costs.  Since  the  first  RX  330  rolled  off  the  line,  the  Cambridge, 
Ontario  plant  has  satisfied  all  of  Lexus’  quality  demands.  In  fact,  Lexus’  parent  company, 
Toyota,  will  be  opening  a  second  Ontario  plant  in  2008.  The  Japanese  have  a  word 
for  continuous  improvement:  kaizen.  Now  they  have  another:  Ontario.  There’s  no  better 
place  in  the  world  to  do  business.  _ 


CANADA 

2ontario.com/quality 

1-800-819-8701 
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Ontario  Paid  for  by  the  Government  O' 


m  OPINION 

Michael  Gartenberg 

Google’s  Android  Is 
An  Audacious  Move 


WHILE  SOME  had  expected  Google  to  come 

out  with  an  iPhone-killing  G-Phone,  the  com¬ 
pany’s  announcement  in  November  of  the  An¬ 
droid  mobile  platform  is  something  far  more 
sweeping,  and  it  has  ramifications  for  IT. 


To  show  that  Android 
is  no  pipe  dream,  Google 
J  trotted  out  scores  of 
partners  in  the  initiative, 
including  handset  ven- 
J  dors,  carriers  and  soft¬ 
ware  providers.  What’s 
most  interesting  is  that 
the  Linux-based  platform 
!  will  be  open  source  (un¬ 
der  the  Apache  license) 
and  free  of  charge. 

So,  why  is  Google  do¬ 
ing  this?  It  aspires  to  get 
its  applications  into  the 
mobile  sphere,  but  right 
!  now  there’s  just  too  much 
platform  fragmentation. 
Even  Java  on  one  handset 
J  is  not  like  Java  on  an¬ 
other.  Lacking  a  single, 
strong  platform  to  build 
|  on,  Google  wants  to  cre¬ 
ate  one.  That’s  why  it 
isn’t  coming  out  with  its 
own  hardware  or  tying 
Android  to  one  carrier. 

The  cost  of  Android 
(there  is  none!)  is  going 
to  make  it  attractive  to 
both  handset  vendors 
and  carriers.  And  there 


are  no  strings  attached 
other  than  a  very  impor¬ 
tant  agreement  not  to 
fragment  the  platform. 
Google  will  offer  a  suite 
of  mobile  applications 
for  Android,  but  it  won’t 
require  that  the  apps  be 
used.  In  theory,  you  could 
see  Android  handsets 
with  Yahoo  Mail  and  Live 
Search,  but  no  Google 
services  at  all. 

If  Google  delivers  on 
its  vision,  the  impact 
to  consumers  could  be 
huge.  The  mass  market  is 
finally  embracing  more 

■  Is  Google’s 
entry  into  the 
mobile  market  a 
smart  move?  Yes. 
It’s  as  if  IBM  had 
offered  Linux  to  PC 
vendors  for  free 
at  the  time  Micro¬ 
soft  introduced 
Windows  NT. 


functionality  in  mobile 
devices,  but  at  the  same 
time,  carriers  and  hand¬ 
set  vendors  are  looking  to 
cut  costs.  Android  might 
bridge  that  gap.  And 
Google  has  the  corporate 
heft  to  prevent  the  mar¬ 
ket  from  fragmenting,  so 
it  could  succeed  where 
other  Linux  implementa¬ 
tions  have  failed. 

Is  Google  making  a 
smart  move?  To  answer 
that,  consider  a  bit  of 
alternative  history.  Sup¬ 
pose  that  Linux  had  been 
available  at  the  time  that 
Microsoft  came  out  with 
Windows  NT.  Now  sup¬ 
pose  that  IBM  decided 
to  offer  Linux  for  free  to 
PC  vendors  along  with  a 
core  suite  of  applications. 
How  different  would  the 
PC  business  be  today? 

Oh,  and  there  are  a  lot 
more  phones  out  there 
than  there  are  PCs. 

But,  of  course,  busi¬ 
ness  users  are  not  con¬ 
sumers,  and  corporate  IT 
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will  have  a  different  take 
on  Android.  Google  will 
need  to  articulate  why 
business  users  should 
embrace  this  platform. 

At  the  moment,  a  lot 
is  missing  for  business 
deployment.  There  was 
no  announcement  that 
Android  would  support 
Exchange  synchroniza¬ 
tion,  be  compatible  with 
Office  applications  or  al¬ 
low  central  device  man¬ 
agement.  Google’s  mobile 
competitors  already 
have  solutions  for  these 
things  that  work  well. 
Enterprise  developers 
will  want  to  keep  an  eye 
on  Android,  but  it’s  not 
something  they’ll  em¬ 
brace  in  the  short  term. 

Still,  IT  cannot  ignore 
last  year’s  big  develop¬ 
ments  in  the  mobile  mar¬ 
ket.  A  year  ago,  neither 
Google  nor  Apple  was 
a  player,  and  today  they 
are  two  of  the  most  rel¬ 
evant  and  talked-about 
companies  in  the  mobile 
world.  Things  are  mov¬ 
ing  fast,  and  IT  has  to  pay 
attention  as  the  combat¬ 
ants  fire  one  salvo  after 
another.  ■ 

Michael  Gartenberg  is  vice 
president  and  research 
director  for  the  personal 
technology  and  access  and 
custom  research  groups 
at  JupiterResearch  in 
New  York.  Contact  him  at 
mgartenberg@optonline. 
net.  His  weblog  and  RSS 
feed  are  at  http:// weblogs. 
jupiterresearch.com/ 
analysts/gartenberg. 
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Congratulations.  Your  IT  security  is  working  hard.  But  there's  something  more  it  should  do  (besides  the  protection,  compliance, 
access,  etc.).  IT  security  should  actually  make  your  business  more  efficient.  More  flexible.  More  competitive.  CA  can  help.  Our 
Security  Management  centralizes  your  identity  and  access  management  to  turn  IT  security  into  a  proactive,  business-building 
tool.  So  your  security  strengthens  customer  relationships,  grows  partnerships  and  helps  your  enterprise  address  changing 
markets  with  ninja-like  agility.  All  with  CA's  best-in-class  modularity,  scalability  and  integration.  But  don't  just  take  our  acronym 
for  it.  Download  the  white  paper,  "Security  Management:  Aligning  Security  with  Business  Opportunities,"  at  ca.com/secure. 
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that  the  Internet  will 

soon  experience  a  catastrophic  failure,  a  multi¬ 
day  outage  that  will  cost  the  U.S.  economy 
billions  of  dollars. 

Or  maybe  it  isn’t  likely. 

In  any  case,  companies  are  not  prepared 
for  such  a  possibility. 

But  then  again,  some  are. 

These  mixed  messages  come  from  cred¬ 
ible  sources.  The  confusion  stems  in  part 
from  the  fact  that  the  Internet  has  never 
seen  anything  much  worse  than  local  out¬ 
ages  ana  brief  slowdowns.  But  could  it?  And 
if  it  did,  how  ready  would  your  company  be? 


Indeed,  the  threat  is  “urgent  and 
real,”  says  The  Business  Roundtable, 
an  association  of  CEOs  of  large  U.S. 
companies.  The  Washington-based 
public  policy  advocacy  group  says 
there  is  a  10%  to  20%  chance  of  a 
“breakdown  of  the  critical  information 
infrastructure”  in  the  next  10  years, 
brought  on  by  “malicious  code,  coding 
error,  natural  disasters,  [or]  attacks  by 
terrorists  and  other  adversaries.” 

An  Internet  meltdown  would  result 
in  reduced  productivity  and  profits, 
falling  stock  prices,  erosion  of  consum¬ 
er  spending  and  potentially  a  liquidity 
crisis,  according  to  a  recent  Business 
Roundtable  report,  “Growing  Business 
Dependence  on  the  Internet  —  New 
Risks  Require  CEO  Action.”  The  or¬ 
ganization  based  its  conclusions  on 
earlier  risk  analyses  done  by  the  World 
Economic  Forum  in  Geneva. 

Tom  Lehner,  director  of  public  pol¬ 
icy  at  The  Business  Roundtable,  says 
business  executives  often  fail  to  realize 
how  dependent  they  have  become  on 
the  public  network  —  for  e-mail,  col¬ 


laboration,  e-commerce,  public¬ 
facing  and  internal  Web  sites,  and  in¬ 
formation  retrieval  by  employees.  He 
also  notes  that  disaster  recovery  and 
business-continuity  plans  often  fail  to 
take  into  account  the  threat  an  Internet 
disruption  poses  to  a  company  and  its 
suppliers.  Moreover,  business  execu¬ 
tives  often  mistakenly  believe  that  gov¬ 
ernment  will  take  the  lead  in  restoring 
network  services  in  the  face  of  an  In¬ 
ternet  failure,  according  to  Lehner. 

“What  we  wanted  to  do  in  this  re¬ 
port  is  say  to  CEOs,  ‘You  may  not  real¬ 
ize  that  whole  segments  of  your  busi¬ 
ness  are  almost  completely  dependent 
on  the  Internet,  and  it’s  not  enough  to 
have  a  few  IT  specialists  to  help  you 
respond  to  problems  as  they  come 
up,’  ”  Lehner  says. 

JUDGING  THE  RISK 

Stephen  Crocker,  an  Internet  pioneer 
and  chairman  of  the  Security  and  Sta¬ 
bility  Advisory  Council  of  the  Internet 
Corporation  for  Assigned  Names  and 
Numbers  (ICANN),  says  he  tries  to 


walk  a  line  between  “Chicken  Little, 
things-are-terrible”  scenarios  and 
“Pollyanna,  the-world-is-wonderful” 
views  of  the  Internet.  He  says,  for 
example,  that  he  worries  little  about 
a  physical  attack  on  the  Internet  — 
against  major  hubs,  lines  and  so  on.  “I 
don’t  know  of  any  physical  attack  that 
would  have  any  widespread  or  long- 
lasting  effect,”  he  says.  “The  Internet 
is  pretty  robust  at  the  physical  layer. 
There  are  just  too  many  alternate 
paths  available.” 

But  the  Internet  is  not  so  robust 
at  other  layers,  admits  Crocker,  the 
CEO  of  Shinkuro  Inc.,  a  Bethesda, 
Md.-based  developer  of  information¬ 
sharing  technology.  He  points  to  the 
possibility  of  “systematic  failure  of 
operating  systems  like  Windows,  or 
penetration  by  worms  that  run  ram¬ 
pant  and  cause  massive  amounts  of 
chaos,”  or  floodlike  denial-of-service 
attacks.  Still,  he  says,  these  kinds  of 
disruptions,  although  annoying  and 
potentially  quite  costly,  are  typically 
resolved  in  a  matter  of  hours  and  thus 
stop  short  of  being  the  kind  of  catas¬ 
trophe  that  the  Business  Roundtable 
report  contemplates. 

Others  agree  that  the  risk  of  catas¬ 
trophe  is  minimal.  Asked  if  he  worries 
about  an  Internet  meltdown,  Michael 
Long,  senior  vice  president  of  global 
services  at  Siemens  Medical  Solutions, 
says,  “Anything  is  possible,  certainly, 
with  things  today  like  the  terrorism 
situation.  But  we  are  pretty  confident 
that  if  we  did  have  an  Internet  hiccup, 
we’d  go  with  alternate  communication 
paths.” 

In  fact,  he  says,  he  views  the  Inter¬ 
net  as  something  of  a  backup  for  his 
dedicated  lines  from  AT&T  Inc.  and 
Verizon  Communications  Inc. 

Malvern,  Pa.-based  Siemens  Medical 
Solutions  provides  application  host¬ 
ing  for  more  than  1,000  health  care 
customers  at  600  sites,  mostly  through 
private,  dedicated  lines. 
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:  “THE  BANK  and  financial  sector  is 

•  in  good  shape  for  [Internet]  disruptions, 

•  as  they  have  regulatory  requirements 

|  that  force  them  to  be  prepared,  and  they 
:  can  justify  the  expense  of  prepared- 

•  ness,”  says  Patrick  Cain,  chairman  of 

•  a  network  security  working  group  of 
|  the  Internet  Engineering  Task  Force. 

:  “Additionally,  many  interbank  financial 

:  networks  do  not  operate  over  the  vanilla 

•  Internet,  so  they  are  a  little  more  insu- 
:  lated  from  general  Internet  problems.” 

:  But  other  IT  professionals  are  less 

;  sanguine.  “The  financial  industry  is 

•  worried  about  the  possibility  of  a  wide- 
j  spread  or  prolonged  Internet  outage,” 

:  says  Dan  Schutzer,  executive  director  of 

•  ;  the  Financial  Services  Technology  Con- 
|  sortium  in  New  York.  “We  already  have 
[  some  facility  to  work  despite  [an]  out- 

:  age,  but  we  are  also  continually  looking 

•  at  what  more  we  can  do.” 

•  Schutzer  says  the  industry  got  a  “rude 
»  awakening”  on  9/11,  when  it  learned  it 

:  didn’t  have  the  communications  diverse 
:  ty  and  redundancy  that  it  thought  it  did. 
As  a  result,  many  financial  companies 
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have  taken  these  steps  to  protect  them¬ 
selves  against  another  Internet  outage: 

Set  up  dedicated  networks  inde¬ 
pendent  of  telephone  companies  in 
certain  parts  of  the  country.  “They  are 
survivable  communications  owned  and 
operated  by  financial  service  utilities,” 
Schutzer  says,  declining  to  give  details. 

i  Negotiated  more  aggressively  with 
communications  companies  to  guaran¬ 
tee  diverse  routing. 

Separated  data  centers  and  com¬ 
munications  centers  more  widely  geo¬ 
graphically. 

But  concerns  about  reliance  on  the 
Internet  extend  beyond  direct  threats  to 
the  Net  itself,  Schutzer  says.  And  some 
of  the  more  mundane  possibilities  could 
turn  out  to  be  the  most  troublesome.  For 
example,  he  says  that  in  a  flu  pandemic, 
large  numbers  of  employees  may  be 
forced  to  work  at  home  via  VPNs  on  the 
Internet.  “What  happens  to  the  available 
bandwidth,”  Schutzer  asks,  “if  these 
employees  are  competing  with  kids  up¬ 
loading  MP3  files?” 

-GARYANTHES 
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Long  does  concede  that  certain 
functions  would  be  a  “challenge”  with¬ 
out  the  Internet. 

For  example,  Siemens  uses  the  Inter¬ 
net  extensively  for  troubleshooting  and 
remote  diagnostics  by  its  major  IT  ven¬ 
dors,  IBM,  Hewlett-Packard  Co.  and 
Cisco  Systems  Inc.  Also,  the  company 
receives  1  million  e-mail  messages  a 
week  via  the  Internet,  he  says. 

There  is  a  good  chance  that  parts 
of  the  Internet  will  fail  from  time  to 
time,  says  Neal  Puff,  CIO  of  Yuma 
County,  Ariz.  “But  having  been  based 
on  the  Arpanet  and  designed  to  keep 
functioning  when  pieces  are  broken,  it 
seems  less  likely  that  the  entire  Inter¬ 
net  would  stop  working.” 

The  county  currently  accesses  its 
ERP  applications  via  a  virtual  private 
network  over  the  Internet,  and  it  offers 
many  Web  services  to  citizens  from  its 
own  data  center,  also  via  the  Internet. 
But  Puff  says  that  because  of  reliability 
concerns,  he  wants  to  flip  that  around, 
offering  externally  facing  services 
from  a  distant  site  and  hosting  applica¬ 
tions  for  internal  use  in  his  own  data 
center. 

Puff  says  it  is  less  likely  that  the  In¬ 
ternet  would  be  disrupted  at  a  hosting 
company  in  a  big  metropolitan  area 
that  has  a  robust  infrastructure  and  a 
lot  of  redundancy  than  it  would  be  in 
sparsely  populated  Yuma  County.  Con¬ 
versely,  internal  users  are  less  likely  to 
lose  the  use  of  their  corporate  applica¬ 
tions  if  those  applications  reside  in  the 
data  center  and  don’t  depend  on  the 
Internet. 

These  moves  will  offer  some  protec¬ 
tion  against  network  outages,  but  not 
100%  protection,  Puff  acknowledges. 

“If  the  entire  Internet  goes  down, 
everyone’s  in  a  world  of  hurt,  but  I  try 
to  look  at  the  probabilities.” 

BURNED  BRIDGES 

BNSF  Railway  Co.  in  Fort  Worth, 
Texas,  also  uses  a  private,  non-Internet 
network  for  its  core  operations  and  for 
transactions  with  major  customers. 

But  it  uses  the  Internet  for  many  less- 
critical  functions  that  would  be  painful 
to  lose  if  the  Internet  went  down,  says 
Beth  Bonjour,  assistant  vice  president 
for  technology. 

For  example,  BNSF  uses  the  Internet 
Continued  on  page  28 
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'PATRICK  CAIN,  chairman  of  a  network  Mass.,  it’s  natural  for  people  planning 
security  working  group  of  the  Internet  for  disasters  to  concentrate  on  the 

Engineering  Task  Force,  says  he  finds  big,  dramatic  events,  like  the  crash  of 

the  possibility  of  a  catastrophic  Inter-  an  airliner  into  a  data  center.  Mean- 
net  failure  unlikely.  He  points  out  that  while,  lesser  but  more  likely  events  are 

a  major  earthquake  in  Japan  in  2005  ignored.  For  example,  he  says,  if  an 

slowed  traffic  in  and  out  of  Japan  but  organization  has  some  local  problem 

went  largely  undetected  in  the  rest  of  that  prevents  access  by  the  public  to  its 

the  world.  When  hurricanes  disrupt  Web  site,  that  can  create  a  public  rela- 
traffic  along  the  East  Coast  of  the  U.S.,  tions  disaster, 
traffic  is  seamlessly  routed  to  the  West  “So  if  you  are  on  the  West  Coast, 
Coast.  And  when  a  domain  name  server  maybe  you  should  get  a  cheap  Web 

goes  down,  an  alternate  server  picks  up  host  on  the  East  Coast  set  up  as  a 
the  traffic.  fail-over  site,”  he  says.  “But  very  few 

But,  says  Cain,  co-founder  of  The  companies  do  that.” 

Cooper  Cain  Group  Inc.  in  Cambridge,  -  GARY  ANTHES 
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Continued  from  page  26 
for  its  customer  help  desk  and  to  pro¬ 
vide  shipment-tracking  information  to 
smaller  customers.  Offering  customers 
self-help  via  Web  sites  allowed  BNSF 
to  reduce  its  support  staff,  but  now  the 
railway  doesn’t  have  adequate  staffing 
to  handle  the  fax,  telephone  and  other 
means  of  communication  that  it  would 
be  necessary  to  use  if  the  Internet  went 
down.  There  have  been  some  limited 
Internet  outages,  Bonjour  says,  “and 
it’s  not  pretty.” 

INCONVENIENT  AT  BEST 

Similarly,  Intermountain  Health  Care 
Inc.  in  Salt  Lake  City  uses  a  dedicated 
WAN  to  communicate  with  its  major 
hospitals  and  clinics,  but  it  uses  the 
Internet  for  many  other  things,  such  as 
contact  with  vendors  and  health  plan 
brokers  and  for  access  to  WebMD,  an 
online  source  of  health  advice.  There 
are  backups  for  some  of  those  things. 
For  example,  ordinary  telephone  ser¬ 
vice  can  be  used  to  communicate  with 
vendors.  But  for  others,  such  as  broker 
relations,  there  is  no  backup.  “It  would 
be  encumbered  tremendously  if  the  In¬ 
ternet  went  down,”  says  Marc  Probst, 
CIO  at  Intermountain. 


Asked  in  a  telephone  interview 
if  Internet  alternatives  are  part  of 
Intermountain’s  disaster  recovery 
and  business-continuity  plans,  Probst 
says,  “We  haven’t  sat  down  and  gone 
through  that  kind  of  thinking.  It’s 
probably  a  very  good  thing  to  do,  and 
we  will,  right  after  this  phone  call.” 


ICANN’s  Crocker  says  that  although 
the  Internet  has  serious  vulnerabilities, 
some  of  them  could  be  patched  rela¬ 
tively  easily.  He  urges  IT  and  business 
leaders  to  speak  up  and  demand  better 
technology.  “Today,  the  network  opera¬ 
tors,  equipment  vendors,  government 
and  business  all  seem  to  accept  the  idea 
the  network  is  inherently  dangerous 
and  can’t  be  modified  in  any  useful  way. 
I  think  that’s  fundamentally  wrong.” 

He  points  to  a  number  of  practical 
proposals  for  Internet  improvements 
that  have  gone  nowhere,  including 
Internet  Best  Current  Practice  38  (see 
story  at  left). 

Crocker  says  the  Business  Round¬ 
table  report  and  similar  critiques  carry 
an  “implied  assumption”  that  individual 
companies  can  protect  themselves. 
There  is  some  truth  to  that,  he  says, 
because  companies  can,  for  example, 
get  multiple  copies  of  critical  systems 
running  in  different  locations,  albeit  at 
considerable  expense. 

But  he  says  that  the  most  important 
thing  companies  should  do  is  to  band 
together  to  improve  the  overall  situa¬ 
tion.  A  “first-class”  CIO,  Crocker  says, 
should  approach  his  CEO  with  this 
message:  “Boss,  we  need  to  take  care  of 
ourselves,  but  we  also  need  to  organize 
into  a  powerful  user  group  and  bring 
some  pressure  on  [vendors]  so  that  the 
network  is  fundamentally  safer  tomor¬ 
row  than  it  is  today.”  ■ 


Best  Practice 

Not  Practiced 
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IN  MAY  2000,  in  response  to  a  “resur¬ 
gence  in  denial-of-service  attacks”  against 
Internet  targets,  the  Network  Working 
Group  of  the  Internet  Engineering  Task 
Force  issued  a  request  for  comments 
(RFC),  titled  “Network  Ingress  Filtering: 
Defeating  Denial-of-Service  Attacks  Which 
Ernploy  IP  Source  Address  Spoofing.” 

Behind  the  complicated  title  lay  a  simple 
idea,  A  lot  of  mischief  on  the  Internet, 
including  denial-of-service  attacks  that 
flood  Web  sites,  rely  on  randomly  chang¬ 
ing  forged  source  addresses.  That  is,  the 
offending  data  packets  do  not  contain  the 
real  “return  address”  of  the  computer  that 
sent  them.  But  through  a  simple  process 


service  providers  could  check  packets  to 
ensure  that  they  contain  valid,  legitimately 
reachable  source  addresses,  says  the  RFC, 
which  has  since  been  named  Best  Current 
Practice  38  ( www.armware.dk/RFC/bcp/ 
bcp38.html). 

“To  what  extent  have  the  ISPs  implement¬ 
ed  that?”  asks  Steve  Crocker,  chairman 
of  ICANN’s  Security  and  Stability  Advisory 
Council.  “The  answer  is,  hardly  at  all.  They 
said,  ‘It’s  expensive,  and  besides,  no  one  is 
forcing  it  on  us.’  This  is  something  that  can 
and  should  be  done  to  improve  the  overall 
security  of  the  Internet,  but  it  doesn’t  fit 
the  model  of  how  someone  can  make  more 
money  by  selling  a  new  product.” 

-GARY  ANTHES 


called  network-ingress  filtering,  Internet  -  GARY  ANTHES 
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Sources:  Software  &  Information  Industry  Association  2006,  and 
Gartner  2007.  For  specific  details,  visit  www.webroot.com/saas. 
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Better  e-mail  security  just  got  a 
whole  lot  easier.  And  cheaper. 

Introducing  Security  Software  as  a  Service  from  Webroot.® 

The  challenge  with  hardware  and  software  security  solutions  is  that  you  constantly  have 
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Now  you  can  avoid  that  whole  hardware-software  trap  by  getting  your  security  in  the 
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E-Mail  Security  SaaS  stores  and  tracks  100%  of  your  e-mail  offsite,  so  nothing  ever  gets 
lost  and  your  e-mail  solution  automatically  meets  your  compliance  needs. 


Five  scanning  engines  and  a  99.999%  uptime  guarantee  deliver  the  best  e-mail  security 
solution  on  the  market.  Best  of  all,  it’s  completely  painless  to  set  it  up  and  the  most 
convenient  solution  you  can  deploy.  Which  is  why  we  have  been  selected  to  protect 
more  than  2.5  million  e-maii  accounts  to  date. 

If  you  want  better  security,  easier  and  cheaper,  get  Webroot  E-Mail  Security  SaaS.  Call 

1.800.870.8102  or  visit  www.webroot.com/saas  today. 
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CAREERS 


s  It’s  Time 
ook  for  a 


New  Job  in 


Don’t  be  the  last 
to  realize  you 
ought  to  move  on. 

By  Thomas 
Hoffman 


SHORT  OF  be¬ 
ing  handed 
your  walking 
papers,  there 
are  often 
telltale  signs 
that  it’s  time 
to  look  for  a  new  job:  You 
haven’t  been  promoted  since 
the  Clinton  administration. 
The  most  exciting  assign¬ 
ments  are  routinely  handed 
to  your  peers  or  underlings. 
Your  desk  keeps  moving  far¬ 
ther  and  farther  from  where 
the  action  is. 

But  some  indicators  are 
less  obvious,  such  as  subtle 
shifts  in  an  IT  organization’s 
structure  that  can  result  in 
career  stagnation.  A  variety 
of  career  experts,  headhunt¬ 
ers,  recruiters,  CIOs  and  IT 
staffers  gave  us  their  takes 
on  when  it’s  time  to  move  on. 

1Y0UR  ROLE  HAS  BECOME 
MARGINALIZED.  If  you’re 
being  bypassed  for 
promotions  or  interesting  as¬ 
signments,  or  they’re  consis¬ 
tently  being  offered  instead 
to  IT  workers  in  subordinate 
positions,  “that  would  be  an 
obvious  sign,”  says 
Robert  Rosen,  CIO 
at  the  National  In¬ 
stitute  of  Arthritis 
and  Musculoskeletal 
and  Skin  Diseases 
in  Bethesda,  Md„  and  past 
president  of  Share,  an  IBM 
user  group  in  Chicago. 

Often,  the  handwriting  is 
on  the  wall.  You  just  need 
to  stop,  step  back  and  read 
it.  “If  you  feel  like  you’re  no 
longer  contributing,  there’s 
a  good  chance  you  may  not 
be,”  says  Frank  Hood,  CIO 
at  QIP  Holder  LLC  (Quiz- 
nos)  in  Denver. 


2 


YOU’VE  STOPPED 
GROWING.  If  you’re 
not  learning  every 
day,  if  you’re  not  doing  new 
things,  and  if  you’re  not  im¬ 
proving,”  it’s  time  to  move 
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When  to  Stay  Put 


If  you  hate 
wnat  you’re 
doing  or  you’re 
not  proud  of  what 
you  re  doing,  or 
there’s  an  issue 
you  need  to  talk 
to  your  boss  about 
but  you  don’t  be¬ 
cause  you  know  it 
won’t  do  any  good 
-  that’s  when  it’s 
time  to  look  for  a 
new  job. 

JOEL  REITER,  APPLICATION 
^NA^S^^BANCOR^^j 

on,  says  Sara  Garrison, 
senior  vice  president  of 
product  and  solutions  devel¬ 
opment  at  Sabre  Holdings 
Corp.  in  Southlake,  Texas. 

Red  lights  should  be  flash¬ 
ing  if  you’ve  effectively  been 
in  the  same  role  for  two 
or  three  years  and  haven’t 
taken  on  any  significant  new 
challenges  during  that  time 
frame,  says  Umesh  Rama- 
krishnan,  vice  chairman  of 
CTPartners,  an  executive  re¬ 
cruiting  firm  in  New  York. 

3  YOU’RE  NOT  PART  OF 
THE  BIG  PICTURE.  Most 
CIOs  assemble  a  road 
map  of  where  they  intend  to 
take  their  organizations  over 
the  next  12  to  60  months, 
including  the  top  IT-business 
projects  they  plan  to  work  on, 
notes  Joe  Trentacosta,  CIO  at 
Southern  Maryland  Electric 
Cooperative  in  Hughesville, 
Md.  If  there  are  a  lot  of  up¬ 
coming  projects  that  don’t 
include  your  area  of  exper¬ 
tise  or  in  which  you  may  play 
a  minor  role  at  best,  “that’s  a 
warning  sign,”  he  says. 

Further,  if  you’ve  been  rel¬ 
egated  to  a  commodity-type 
IT  function  that  offers  little 
value  to  the  organization  or 
can  easily  be  outsourced, 


“it’s  time  to  move  on  to  a 
new  opportunity,”  says  Hans 
Keller,  chief  technology  of¬ 
ficer  at  the  National  Aquari¬ 
um  in  Baltimore. 

4  YOU’VE  BEEN  EXCLUD¬ 
ED.  If  you’re  a  CIO  or 
other  senior  IT  man¬ 
ager,  the  alarms  can  include 
your  not  being  asked  to 
participate  in  new  business 
decisions  or  being  excluded 
from  formal  or  informal  ex¬ 
ecutive  committee  meetings, 
says  Craig  Urrizola,  CIO  at 
Saladinos  Inc.  in  Fresno,  Ca¬ 
lif.  The  view  is  equally  bleak 
if  you’re  an  IT  staffer  whose 
input  on  new  projects  is  no 
longer  requested  or  is  sought 
on  just  a  limited  basis. 

5  YOUR  LEVEL  OF  INFLU¬ 
ENCE  IS  WANING.  A  CIO 

certainly  has  more 
clout  within  an  organization 
than  a  network  engineer. 

But  all  IT  professionals  pos¬ 
sess  some  level  of  influence 
within  their  work  teams  or 
at  least  among  their  own 
peer  groups.  If  you  see 
your  powers  of  persuasion 
shrinking,  Keller  suggests 
that  it’s  time  to  move  on. 

6  YOU  NO  LONGER  ENJOY 
THE  WORK.  “Someone 
once  told  me  that 
we’re  not  here  for  a  long 
time;  we’re  here  for  a  good 
time,”  says  Michael  Nie- 
set,  managing  partner  for 
the  technology  practice  at 
Heidrick  &  Struggles  Inter¬ 
national  Inc.  in  Cleveland. 
“If  you’re  not  excited  about 
the  projects  you’re  working 
on,  fix  it,”  he  says.  “If  you 
are  wholly  engaged,  passion¬ 
ate  about  what  you’re  doing 
and  doing  what  you’re  good 
at,  you’ll  be  fulfilled  and 
rewarded  accordingly.  Some¬ 
times  people  stay  in  subop- 
timal  situations  because  it’s 
comfortable  for  them.  You 
have  to  take  control.” 


Would-be  job  hoppers  who 
are  unsure  whether  it’s  the 
right  time  to  jump  would  be 
well  advised  to  take  a  line 
from  Kenny  Rogers’  “The 
Gambler”:  You  got  to  know 
when  to  hold  ’em;  know 
when  to  fold  ’em. 

Here  are  some  concrete 
tips  from  career  experts  on 
when  it’s  best  to  stay  in  your 
current  role: 

■  If  you  are  consistently 
receiving  new  and  chal¬ 
lenging  assignments  and/or 
promotions. 

■  If  you  are  asked  or  encour¬ 
aged  by  your  employer  to 
take  on  additional  training  to 
help  expand  your  skills. 

■  If  you  are  offered  incen- 

7  CONTINUOUS  IMPROVE¬ 
MENT  ISN’T  PART  OF 
THE  MANTRA.  Some¬ 
times,  there  are  organiza¬ 
tional  changes  —  or  lack 
thereof —  that  you  should  re¬ 
gard  as  career  alerts.  These 
include  stagnation  within  a 
corporation  or  an  IT  depart¬ 
ment.  If  your  IT  organiza¬ 
tion  has  been  using  the  same 
application  development 
techniques  for  the  past  15 
years  and  has  made  no  effort 
to  update  its  approach,  “then 
something’s  wrong,”  says 
David  Van  De  Voort,  a  prin¬ 
cipal  consultant  in  Mercer 
LLC’s  Chicago  office. 

If  your  company  is  unwill¬ 
ing  to  invest  in  continuous 
improvement  processes  such 
as  CMMI,  ITIL  or  Six  Sigma, 
it  may  be  time  to  seek  a  com¬ 
pany  that  is,  he  adds. 

OTHER  PASTURES 
TRULY  ARE  GREENER.  If 

you’ve  reached  a  cross¬ 
roads  where  you’ve  become 


fives  and  rewards  for  com¬ 
ing  up  with  new  ideas  that 
help  the  organization. 

■  If  your  compensation 

is  equivalent  to  or  growing 
at  a  rate  that’s  comparable 
to  that  of  your  peers  in  like- 
sized  companies  or  similar 
industries. 

■  If  your  company  has  been 
on  a  strong  and  steady 
growth  path  -  and  that  is  re¬ 
flected  in  your  compensation. 

■  If  your  supervisor  provides 
you  with  clearly  defined  ca¬ 
reer  opportunities. 

■  If  your  organization  has 
high-quality  management 
and  mentoring. 

-  THOMAS  HOFFMAN 

disenchanted  with  your 
employer  for  one  reason  or 
another  (i.e.,  long  hours,  in¬ 
frequent  promotions,  career 
malaise)  and  you’ve  received 
a  job  offer  from  another 
company,  it  may  be  the  right 
time  to  jump  ship. 

“In  situations  where 
things  don’t  fix  themselves 
—  if  you  hate  what  you’re 
doing  or  you’re  not  proud  of 
what  you’re  doing,  or  there’s 
an  issue  you  need  to  talk 
to  your  boss  about  but  you 
don’t  because  you  know  it 
won’t  do  any  good  —  that’s 
when  it’s  time  to  look  for  a 
new  job,”  says  Joel  Reiter,  an 
application  analyst  at  U.S. 
Bancorp  in  St.  Paul,  Minn. 

In  this  situation,  however, 
be  certain  that  you’re  moving 
toward  a  good  opportunity 
and  not  just  moving  away 
from  one  that’s  gone  bad.  * 

NOT  SO  FAST!  Don’t  quit  your  job 
until  you’ve  considered  how  to  land  a  new 
one.  For  help,  read  “8  Ways  to  Land  a 
Job  in  ’08”  on  page  32. 
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Here’s  how  to  1 

get  noticed  and  /[ 
nail  the  interview. 

By  Thomas 
Hoffman 


■  CAREERS 


SURE,  demand 
for  IT  labor 
in  the  U.S.  is 
strong  across 
nearly  all  in¬ 
dustries  and 
government 

sectors.  But  having  a  techni¬ 
cal  certification  or  work  ex¬ 
perience  won’t  guarantee  an 
interview,  let  alone  a  job  offer. 

Here  are  some  tips  from 
IT  labor  experts,  recruiters, 
executives  and  workers  on 
how  to  get  the  position  you 
want  in  the  new  year. 

|  APPEAR  EMPLOYABLE. 

If  you’re  currently  un¬ 
employed,  find  a  tem¬ 
porary  position  or  work  as  a 
contractor,  says  Joel  Reiter, 
an  application  analyst  at  U.S. 
Bancorp  in  St.  Paul,  Minn. 
That  shows  flexibility  and 
ambition. 


KEEP  LEARNING.  “Edu¬ 
cation  is  absolutely 
vital  to  further  your 
career  in  IT,”  says  Neill 
Hopkins,  vice  president  of 
skills  development  at  The 
Computing  Technology  In¬ 
dustry  Association  Inc. 

Employers  look  for  a  dem¬ 
onstrated  thirst  for  knowl¬ 
edge  and  a  willingness  to 
learn  new  skills,  so  step  out 
of  your  comfort  zone  and 
learn  new  technologies  or 
take  an  evening  class.  “It 
shows  that  [you’re]  will¬ 
ing  to  be  aggressive  and  to 
learn,”  says  Joe  Trentacosta, 
CIO  at  Southern  Maryland 
Electric  Cooperative. 

3  WORK  YOUR  RELATION¬ 
SHIPS.  Savvy  job 
candidates  use  social 
networks  like  Linkedln  and 
Facebook  for  inside  word  on 


jobs  from  college  alumni, 
former  business  associ¬ 
ates  and  mentors,  says  Dan 
Reynolds,  CEO  of  The  Bro¬ 
kers  Group  LLC,  a  staffing 
firm  in  Princeton,  N.J. 

And  if  you’re  a  newbie, 
you  can  connect  with  po¬ 
tential  employers  through 
entry-level  job  listings  on  so¬ 
cial  networks,  says  Michael 
Nieset,  managing  partner  at 
Heidrick  &  Struggles  Inter¬ 
national  Inc.’s  technology 
practice  in  Cleveland. 

DOT  YOUR  i’s.  Make 
sure  your  resume  uses 
clear,  proper  English 
and  correct  spelling.  If  it’s 
sloppy,  “you  won’t  even 
make  it  past  the  first  gate,” 
says  Robert  Rosen,  immedi¬ 
ate  past  president  of  IBM 
user  group  Share  and  CIO  at 
the  National  Institute  of  Ar¬ 


thritis  and  Musculoskeletal 
and  Skin  Diseases. 


5  STRUT  YOUR  STUFF. 

“Employers  want  to 
see  ‘I  managed  this, 

I  coordinated  that,’  ”  says 
Reynolds.  “They  don’t  want 
to  see  ‘assisted  with  this’  or 
‘supported  that.’  ” 

If  you  weren’t  the  project 
leader,  highlight  your  role  in 
the  success  of  a  critical  proj¬ 
ect,  says  Katherine  Spencer 
Lee,  executive  director  at 
Robert  Half  Technology  in 
Menlo  Park,  Calif. 


6  COME  PREPARED  FOR 
THE  INTERVIEW.  This 
sounds  like  a  no- 
brainer,  but  hiring  managers 
are  increasingly  looking 
for  candidates  who  can  do 
more  than  a  “tech  interview.” 
They  may  check  your  com¬ 
munication  skills  by  asking 
you  to  explain  your  past 
experiences  or  describe  how 
you  would  handle  certain 
situations  on  the  job,  says  Jill 
Herrin,  CEO  of  JDResources 
Inc.,  a  recruiter  in  Memphis. 

7  TALK  BUSINESS.  Pro¬ 
spective  employers  also 
want  to  know  whether 
you  understand  how  systems 
and  applications  affect  vari¬ 
ous  business  divisions  and 
the  company  overall.  “We 
want  somebody  with  techni¬ 
cal  acumen,  but  I  would  like 
to  know  that  these  people 
know  the  basis  for  making 
money,”  says  Frank  Hood, 
CIO  at  QIP  Holder  LLC 
(Quiznos)  in  Denver. 

8  GET  A  FOOT  IN  THE  DOOR. 

Don’t  hesitate  to  take  a 
temporary,  contract  or 
temp-to-hire  position.  “Once 
you  come  in  as  a  temp  or  a 
contractor,  no  one  is  really 
looking  at  your  resume,”  says 
Reiter.  “They’re  looking  at 
whether  you  can  or  can’t  do 
a  particular  job.”  ■ 
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Your  potential.  Our  passion. 

Microsoft 

defeating  witches, 
easy. 


1.  Boil,  bubble,  toil,  and  trouble. 
Witches  are  big  with  brews.  Why  not 
make  one  of  your  own  to  use  against 
them?  Sure,  eye  of  newt  is  tough  to 
find  at  the  local  market,  but  it's 
probably  available  online. 


2.  Melt  the  Witch. 

You've  seen  the  film  so  you  know  the  big  ending.  A  bucket  of  water, 
poured  directly  Witchward,  causes  her  to  steam,  melt,  and  dissolve  into 
a  puddle  on  the  floor.  Lure  her  to  the  watercooler  and  you're  done. 


3.  Fight  magic  with  magic. 

With  a  wand  of  your  own — 
say  a  pointer — you  can  create 
some  magic  of  your  own. 
Beforeyou  know  it,  you'll  be 
turning  Witches  into  toads. 


defeating  worms, 
easier. 


1.  Implement  Microsoft*  Forefront?’ 
Forefront  makes  defending  your  systems  easier.  It's  a 
simple-to-use,  integrated  family  of  client,  server,  and 
edge  security  products  (such  as  ISA  Server  2006) 
that  helps  you  stay  ahead  of  your  security  threats 
more  easily  than  ever. 

For  case  studies,  free  trials,  demos,  and  all  the  latest 
moves,  visit  easyeasier.com 


5.  Steal  her  broom. 

Nearly  every  Witch  has  a  magic 
broom,  and  if  you  can  get  it  away 
from  her  she's  basically  grounded. 
And,  with  a  little  practice,  you  can 
cut  your  commute  in  half. 


4.  Insult  the  Witch. 

Witches,  despite  their  warty 
exteriors,  are  quite  sensitive. 
So  asking  "Hey,  Witch — is  that 
your  nose  or  a  green  banana?" 
can  be  devastating. 


m  MANAGEMENT 


Books  That  Can 
Change  Your  Life 


Must-reads 
for  2008.  By 

Mary  K.  Pratt 

NDREW  GALBUS 
was  a  programmer/ 
analyst  at  a  food 
manufacturing  com¬ 
pany  in  the  mid-1990s  when 
he  read  Edward  Yourdon’s 
Decline  and  Fall  of  the  Ameri¬ 
can  Programmer.  Galbus  says 
the  book  made  him  realize 
that  his  employer  was  not 
helping  him  build  a  sustain¬ 
able  career  in  the  IT  sector. 
“It  made  me  think,  ‘Do  I 
want  a  job  or  a  career,  and 
do  I  want  just  a  career  in  a 


company  or  a  career  in  the 
IT  industry?’  ”  Galbus  says. 

Spurred  by  the  book’s 
message,  Galbus  got  a  job  at 
an  organization  that  helped 
its  people  build  their  careers. 
He  also  got  an  MBA.  He’s 
now  unit  manager  of  the  IT 
Quality  Office  at  the  Mayo 
Clinic  in  Rochester,  Minn. 

Books  can  educate, 
provide  insight,  prompt 
reflection  and  even  inspire 
change.  We  asked  corporate 
coaches,  leadership  consul¬ 
tants  and  IT  professionals 
for  their  top  picks: 

PERFORMANCE 

■  Now,  Discover  Your  Strengths 

(Free  Press,  2001),  by 


Marcus  Buckingham  and 
Donald  O.  Clifton,  and  Go 

Put  Your  Strengths  to  Work: 
Six  Powerful  Steps  to  Achieve 
Outstanding  Performance 

(Free  Press,  2007),  by  Mar¬ 
cus  Buckingham.  “They 
give  you  a  system  for  actu¬ 
ally  identifying  and  putting 
language  to  your 
strengths,”  says 
Wendy  Wall- 
bridge,  president 
and  executive 
coach  at  On  Your 
Mark  Corporate 
Coaching  &  Con¬ 
sulting  Inc.  in 
Novato,  Calif. 

■  Death  by  Meeting: 

A  Leadership  Fable . . .  About 
Solving  the  Most  Painful  Prob¬ 
lem  in  Business  (Jossey-Bass, 
2004)  and  The  Five  Tempta¬ 
tions  of  a  CEO:  A  Leadership 
Fable  (Jossey-Bass,  1998),  by 
Patrick  M.  Lencioni.  “The 
stories  are  very  real,  and  the 


way  he  approaches  things 
makes  it  very  memorable,” 
says  Bart  Bolton,  a  leader¬ 
ship  consultant  at  Lifetime 
Learning  in  Upton,  Mass. 

■  The  Nibble  Theory  and  the 
Kernel  of  Power:  A  Book  About 
Leadership,  Self-Empowerment 
and  Personal  Growth  (Paulist 

Press,  2004),  by 
Kaleel  Jamison. 
“This  was  a  real 
eye-opener  to  me 
on  how  I  needed 
to  step  back  and 
think  differently 
about  what  I  was 
doing,”  says  Cath¬ 
erine  Brune,  se¬ 
nior  vice  president 
and  CIO  at  Allstate  Insur¬ 
ance  Co.  in  Northbrook,  Ill. 

■  Improv  Wisdom:  Don’t 
Prepare,  Just  Show  Up 
(Harmony/Bell  Tower, 
2005),  by  Patricia  Ryan 
Madson.  “A  refreshing 
view  of  communication 
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Someone  who 
really  wants  to 
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understand  leadership 
should  start  here. 

BART  BOLTON, 

LEADERSHIP  CONSULTANT, 

LIFETIME  LEARNING 


and  behavior  in  work  and 
personal  life,”  says  Robert 
Rouse,  director  of  the  Re¬ 
gional  Leadership  Forum  of 
the  Society  for  Information 
Management  and  a  profes¬ 
sor  of  computer  science  and 
engineering  at  Washington 
University  in  St.  Louis. 

LEADERSHIP 

■  On  Becoming  a  Leader:  The 
Leadership  Classic  (Basic 
Books,  2003),  by  Warren 
G.  Bennis.  “Someone  who 
really  wants  to  understand 
leadership  should  start 
here,”  says  Bolton. 

■  Emotional  Intelligence:  Why  It 
Can  Matter  More  Than  IQ  (Ban¬ 
tam  Books,  2006)  and  Primal 
Leadership:  Learning  to  Lead  With 
Emotional  Intelligence  (Harvard 
Business  School  Press,  2002), 
by  Daniel  Goleman.  “Good 
leaders  need  to  understand 
people,”  Bolton  says. 

■  Thin  Book  of  Appreciative 


Inquiry  (Thin  Book  Publish¬ 
ing  Co.,  1998),  by  Sue  Annis 
Hammond.  “You  have  to 
have  a  culture  of  apprecia¬ 
tion  or  people  become  de¬ 
moralized,”  says  Wallbridge. 
■  Force  for  Change:  How  Leader¬ 
ship  Differs  From  Management 
(Free  Press,  1990)  and  Leading 
Change  (Harvard  Business 
School  Press,  1996),  by  John 
P.  Kotter;  and  The  Heart  of 
Change:  Real-Life  Stories  of 
How  People  Change  Their  Orga¬ 
nizations  (Harvard  Business 
School  Press,  2002),  by  John 
P.  Kotter  and  Dan  S.  Cohen. 
They  help  define  the  differ¬ 


ence  between  managers  and 
leaders,  Bolton  says,  noting 
that  you  have  to  know  when 
to  be  one,  the  other  or  both. 

■  South:  The  Story  of  Shackle- 
ton’s  Last  Expedition,  1914-1917 
(Birlinn  Ltd.,  2002),  by  Er¬ 
nest  Henry,  Sir  Shackleton. 
“It’s  an  amazingly  inspira¬ 
tional  story  on  how  to  lead 
and  ensure  the  success  of 
your  followers,”  says  Dan 
Gingras,  a  partner  in  the 
New  England  practice  of 
Tatum  LLC,  an  Atlanta- 
based  executive  services 
and  consulting  firm. 

■  True  North:  Discover  Your 


Authentic  Leadership  (Jossey- 
Bass,  2007),  by  Bill  George, 
Peter  Sims  and  David  Ger- 
gen,  and  Authentic  Leadership: 
Rediscovering  the  Secrets  to 
Creating  Lasting  Value  (Jossey- 
Bass,  2004),  by  Bill  George. 
According  to  Bolton,  these 
books  will  help  you  find 
your  own  leadership  style. 

INSPIRATION 

■  Banker  to  the  Poor:  Micro- 
Lending  and  the  Battle  Against 
World  Poverty  (PublicAf- 
fairs,  2003),  by  Muhammad 
Yunus.  “The  fact  that  this 
gentleman  pulled  off  what 
he  did  in  today’s  world  is  in¬ 
spirational,”  says  Michael  J. 
Wehr,  a  health  systems 
database  analyst  at  Vander¬ 
bilt  University  Children’s 
Hospital  in  Nashville.  ■ 

Pratt  is  a  Computerworld 
contributing  writer  in 
Waltham,  Mass.  Contact  her 
at  marykpratt@verizon.net. 


You  have  to  stretch.  From  directing  your  company’s  IT  infrastructure 
contributing  to  its  business  goals.  You’re  the  one  pulled  between  two  worlds. 


Which  is  why  you’re  the  one  who  needs  Cognos.  We  are  the  experts  in  performance  management, 
delivering  a  single,  Web-based  SOA  platform  that  works  within  your  existing  infrastructure.  Unlike 
SAP  and  Oracle,  we  have  17  years  of  proven  performance  management  experience,  enabling 
organizations  like  yours  to  understand,  plan,  and  monitor  their  business.  And  with  over  23,000 
satisfied  customers  already,  we  can  put  success  within  your  reach. 


To  find  out  more,  visit  www.cognos.com/bungee  today. 


Proceed  with  confidence 


THE  NEXT  LEVEL  OF  PERFORMANCE 


Copyright  ©  2007  Cognos  Incorporated.  All  rights  reserved. 
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■  SECURITY  MANAGER’S  JOURNAL  C.J.  KELLY 


Planning  a  Recovery 
That  Isn’t  a  Disaster 

Our  overwhelmed  security  manager  wants 

her  disaster  recovery  plan  to  be  more  than 
an  exercise  in  filling  in  the  blanks. 


Every  January, 

I  have  to  update 
my  agency’s  di¬ 
saster  recovery 
plan.  The  good 
news  is  that  the  state  only 
requires  me  to  fill  in  some 
forms.  I  could  be  done 
in  half  an  hour.  The  bad 
news?  Should  one  of  the 
state’s  major  cities  ever  be 
struck  by  terrorists,  this 
so-called  disaster  recovery 
plan  would  leave  us  look¬ 
ing  like  FEMA  after  Hur¬ 
ricane  Katrina  hit. 

I’m  not  the  sort  of 
person  who’s  content  to 
satisfy  the  minimum  re¬ 
quirements  when  I  know 
how  inadequate  they  are. 
This  year,  I’m  considering 
revamping  the  entire  plan, 
including  testing  it  and 
training  people  on  it. 

But  I’m  shaking  my  head 
while  I  write  these  words. 
If  you’ve  been  reading 
this  column  lately,  then 
you  already  know  why. 

My  state  is  experiencing 
a  budget  crisis,  and  I’ve 
been  bemoaning  my  lack 
of  resources,  especially  the 
time  and  staff  I  need  to  do 
everything  that  needs  to 
get  done.  Do  I  really  think 
I  can  throw  another  big 
project  in  on  top  of  manag¬ 


ing  a  network  and  all  of 
our  information  security? 

My  problem  is  that  I 
can’t  help  but  identify  with 
those  nameless  FEMA  em¬ 
ployees  I  have  conjured  up 
in  my  imagination.  There 
were  probably  plenty  of 
them  who  knew  that  what 
the  agency  had  down  on 
paper  and  stored  away  in 
dusty  binders  was  pretty 
much  useless  because  it 
hadn’t  been  tested.  I  don’t 
want  to  think  “I  knew  it 
would  be  this  way”  after 
the  fact.  Lives  are  at  stake, 
and  I  can’t  live  with  the 
potential  consequences. 

That  means  doing 
something  more  than  the 
minimum  this  year,  even 
though  I’ll  probably  have 
to  do  it  on  my  own  time. 

I  can  start  by  assess¬ 
ing  what  I  know.  It  could 
be  that  I’m  not  informed 
about  the  state’s  readiness 
to  respond  to  a  catastro¬ 
phe.  After  all,  my  agency 
provides  social  services, 

■  I  want  to  do 
more  than  the 
minimum,  even 
if  I  have  to  do  it 
on  my  own  time. 


not  public  safety.  If  a  city 
blows  up,  who  cares  if 
social  services  shut  down? 
The  top  priorities  would 
be  saving  lives,  searching 
for  victims,  discovering 
what  happened,  appre¬ 
hending  perpetrators  and 
calming  the  public.  My 
agency  isn’t  involved  in 
any  of  that. 

Still,  the  state  is  more 
than  one  city,  and  we  can’t 
let  everyone  else  down. 
Basically,  we  need  to  try  to 
ensure  that  we  can  contin¬ 
ue  to  operate,  even  if  our 
main  facility  is  destroyed 
or  simply  inaccessible. 

BABY  STEPS 

But  first  things  first.  As 
in  any  disaster  recovery 
plan,  employee  safety  is 
the  No.  1  priority.  At  the 
very  least,  I  can  update  the 
employee  roster  so  that  lo¬ 
cating  employees  (or  their 
next  of  kin)  won’t  be  dif¬ 
ficult.  Then  I  can  update  the 
evacuation  plans  and  per¬ 
haps  expand  them.  Any¬ 
thing  I  do  here  is  going  to 
be  an  improvement,  since 
the  current  plan  is  the 
equivalent  of  a  fire  drill. 

Next,  I  can  turn  my  at¬ 
tention  to  our  ability  to  set 
up  temporary  shop.  The 


36  COMPUTERWORLD  JANUARY  21,  2008 


Trouble 

Ticket 

AT  ISSUE:  The  disaster 
recovery  plan  isn’t  worth 
the  paper  it’s  printed  on. 

ACTION  PLAN:  Devise 
something  of  real  value 
despite  tight  resources. 


agency  has  four  physical 
locations  in  the  state:  the 
primary  and  secondary 
hubs,  and  two  small  facili¬ 
ties.  I  can  plan  a  live  test  to 
demonstrate  cessation  of 
operations  in  the  primary 
hub  and  continuance  of 
operations  in  the  second¬ 
ary  site. 

That’s  probably  as  far  as 
I  will  get  this  year,  but  it’s 
a  start,  and  I  can  build  on 
it  next  year. 

But  I  won’t  get  that  far 
if  I  let  my  exhaustion  get 
the  better  of  me.  I  won’t 
be  able  to  complete  the 
task  ahead  of  me  without 
inspiration.  What’s  inspir¬ 
ing  me,  at  least  for  now,  is 
the  thought  that  the  fate  of 
our  states  and  our  nation 
is  in  the  hands  of  the  likes 
of  me.  There  are  educated, 
bright  and  hardworking 
people  out  there  working 
for  the  government  —  I’ve 
learned  that  in  my  time 
in  the  public  sector.  But 
many  of  them,  like  me,  are 
completely  overwhelmed 
with  conflicting 
priorities  that 
demand  their 
attention.  It  is 
only  because  of 
their  dedication 


COMPUTERWORLD.COM 

O  JOIN  IN 

To  join  the  discussion 
about  security,  go  to 

computerworld.com/ 

blogs/security 


and  passion  that  anything 
meaningful  gets  done.  I 
hope  I  can  rise  to  that  stan¬ 
dard  and  come  up  with 
a  disaster  recovery  plan 
worthy  of  the  name.  ■ 

This  week’s  journal  is  writ¬ 
ten  by  a  real  security  man¬ 
ager,  “C.J.  Kelly,”  whose 
name  and  employer  have 
been  disguised  for  obvious 
reasons.  Contact  her  at 
mscjkelly@yahoo.com. 
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m  OPINION 

Paul  M.  Ingevaldson 


Strategic  IT  Systems? 
There  Are  None 

AT  a  recent  IT  conference  in  Edmonton,  Alberta, 

I  had  the  opportunity  to  be  on  a  luncheon  key¬ 
note  panel  with  Nicholas  Carr  of  “IT  Doesn’t 
Matter”  fame,  along  with  another  active  CIO 
and  a  former  IT  researcher. 


The  initial  question 
that  we  each  were  asked 
to  address  was  this:  What 
is  the  role  of  IT?  Is  it  a 
strategic  resource  that 
enables  an  organization 
to  differentiate  its  prod¬ 
ucts  or  services,  or  is  it 
merely  a  cost  of  doing 
business  —  an  essential 
part  of  the  organization 
but  one  focused  on  cut¬ 
ting  costs  and  reducing 
risks? 

Carr  spoke  before  I  did. 
He  talked  about  how  IT 
is  essential  but  not  strate¬ 
gic,  since  companies  can 
no  longer  gain  competi¬ 
tive  advantage  from  com¬ 
puter  systems  because 
most  are  using  similar 
software  and  thus  can’t 
differentiate  themselves 
through  technology. 

I  took  a  very  different 
position,  though  in  a  very 
narrow  sense  I  agreed 
with  Carr.  I  don’t  believe 
IT  systems  are  strate¬ 
gic.  All  strategies  must 
start  with  the  business 
strategy.  But  a  business 
strategy  without  tactical 
support  is  like  a  general 


without  an  army.  Once 
the  company  has  decided 
on  the  strategy,  then  each 
department,  including 
IT,  must  decide  how  it 
will  execute  the  strategy. 
These  discussions  will 
result  in  the  tactics  that 
will  bring  the  strategy  to 
life. 

Some  strategies  will 
require  a  large  portion  of 
IT  tactics;  others,  fewer. 
In  all  cases,  however,  the 
resultant  strategy  is  a 
business  strategy,  not  an 
IT  strategy.  Using  this 
process,  incidentally,  is 
how  companies  can  be 
sure  that  IT  stays  aligned 
with  the  business. 

In  my  mind,  it’s  foolish 
to  suggest  that  IT  or  any 
other  department  doesn’t 
matter.  All  are  there  to  do 
one  thing:  work  together 
to  enable  the  company  to 
gain  competitive  advan¬ 
tage.  How  they  tactically 

■  This  could  be  the 
most  important  is¬ 
sue  facing  you  and 
your  profession. 


perform  that  job,  whether 
by  means  of  existing  soft¬ 
ware  or  custom  work,  is  a 
function  of  the  strategy. 

I  would  suggest  that  if 
the  strategy  requires  the 
systems  to  operate  dif¬ 
ferently  than  those  avail¬ 
able  on  the  market,  then 
IT  must  develop  custom 
code  that  will  satisfy 
the  strategy.  IT  should 
not  force  the  strategy  to 
change  to  accommodate 
existing  software. 

The  IT  industry  must 
take  a  stand  on  this  issue. 
As  writers  and  pundits 
travel  the  conference 
circuit  and  preach  their 
visions  of  the  future,  we 
must  pay  attention,  un¬ 
derstand  the  threats  that 
are  being  suggested,  and 
make  our  voices  heard. 

If  corporate  leaders 
believe  that  IT  is  go¬ 
ing  to  become  so  easy 
and  canned  that  the  us¬ 
ers  will  be  able  to  run 
the  technology,  we  will 
continue  to  see  IT  de¬ 
partments  reduced  and 
outsourced  and  offshored 
and  treated  like  the  util- 
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ity  that  is  envisioned. 

But  if  this  represents 
just  another  ivory  tower 
idea  like  the  paperless 
office  and  e-books,  then 
IT  practitioners  have  to 
speak  up  and  convince 
those  same  leaders  that 
IT  is  a  valuable  resource 
that  must  be  nurtured. 
Otherwise,  we  are  go¬ 
ing  to  see  a  continuing 
reduction  in  IT  college 
graduates  as  students 
follow  more  promising 
career  paths.  Companies 
will  struggle  to  achieve 
that  elusive  competitive 
advantage  as  the  number 
of  first-rate  minds  in  IT 
dwindles. 

So  here  are  a  couple 
of  action  items.  If  you 
haven’t  done  so,  read 
Carr’s  article  “IT  Doesn’t 
Matter.”  It’s  available  on 
Amazon.com.  After  that, 
stand  up  and  be  counted. 
Let  me  know  what  you 
think  IT’s  role  will  be  in 
the  future.  Perhaps  we 
can  publish  some  of  your 
comments  in  an  upcom¬ 
ing  article. 

The  outcome  of  this 
debate  isn’t  going  to  af¬ 
fect  me.  I’ve  had  my  time. 
However,  this  could  be 
the  most  important  issue 
facing  you  and  your  pro¬ 
fession.  Don’t  just  stand 
there.  Don’t  just  watch. 
Get  involved.  ■ 

Paul  M.  Ingevaldson  retired 
as  CIO  at  Ace  Hardware 
Corp.  in  2004  after  40  years 
in  the  IT  business.  Contact 
him  at  ingepi@aol.com. 
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Q&A 


Stewart  Tansley 

The  program  man¬ 
ager  for  Microsoft 


Research’s  Institute 
for  Personal  Robots 
in  Education  discusses  com¬ 
puter  science  education. 


New  Stats  on  Women  in  IT 


in  November,  the  National  Center  for  Women  &  Information  Technol¬ 
ogy  released  its  NCWIT  Scorecard,  which  included  these  findings: 


/  I  Share  of  computer  science  Advanced 
0  iff  Placement  test-takers  who  are  girls. 


Percentage  of  bachelor’s  degrees  in  CS 
awarded  to  women  in  2006.  That’s  down 
from  36%  23  years  earlier. 


|  Share  of  software  engineering  jobs  held 
I  by  women.  Overall,  women  hold  half  of 
f  the  country’s  professional  positions. 


Percentage  of  Fortune  500  chief  technol¬ 
ogy  officers  who  are  female. 


The  Hacker’s  Master’s 


EC-COUNCIL  UNIVERSITY,  a  sister 
institution  of  the  “ethical  hacker” 
certification  authority  known  as  the 
EC-Council  (International  Council  of 
Electronic  Commerce  Consultants), 
has  established  a  master’s  program 
in  security  science.  According  to 
the  Albuquerque-based  EC-Council, 
the  MSS  program  is  suitable  for 
students  with  a  wide  range  of 
previous  security  experience.  It  of¬ 
fers  high-level  coverage  of  security 
principles  and  the  emerging  issues 
and  technologies  in  network  secu¬ 
rity.  The  MSS  program  is  expected 
to  take  from  one  to  two  years  to 
complete.  Students  should  plan 
to  study  the  course  half-time 
while  working  in  the  security 


field  in  some  capacity. 

Applicants  should  have  a  bach¬ 
elor’s  degree  -  in  any  discipline; 
those  with  at  least  two  years  of 
experience  in  the 
IT  industry  will  be 
given  admissions 
preference. 


How  can  a  robot  address  the 
“excitement  deficit”  in  young 
people  when  it  comes  to 
studying  computer  science? 

Robots  seem  to  captivate  people  - 
especially  young  people  -  in  a  rather 
special  way.  If  you  look  at  the  history 
of  robotics  as  a  social  phenomenon 
rather  than  solely  as  a  technological 
evolution,  you  find  the  notion  of  an 
artificial  person,  or  quasi-conscious 
machine,  to  be  surprisingly  deeply 
rooted  -  perhaps  as  old  as  history 
itself.  It  is  this  primal  connection  to 
robots  that  we  are  partly  building  on 
in  our  exploration  of  the  technology. 

One  way  we  are  trying  to  make 
education  more  fun  and  effective 
through  the  use  of  robotics  is  the 
[Institute  for  Personal  Robots  in 
Education],  Established  in  July 
2006,  IPRE  is  a  collaborative 
research  project  hosted  at  the 
Georgia  Institute  of  Technology 
with  Bryn  Mawr  College.  It  is  sup¬ 
ported  by  seed  funds  for  three 
years  from  Microsoft  Research  and 
the  schools  themselves. 

IPRE’s  mission  is  broad:  to 
employ  robots  in  education  at  all 
levels,  from  middle  school  to  gradu¬ 
ate  school.  Our  initial  target,  how¬ 
ever,  is  introductory  undergraduate 
computer  science.  Through  our 
collaborative  research,  we  hope  to 
show  that  by  empowering  every 
student  with  their  own  personal 
robot,  purchased  with  the  class 
textbook,  we  can  improve  re¬ 
tention  in  and  attraction  of  students 
to  computer  science. 

An  important  component  of  this 
idea  is  that  the  robots  for  these 
courses  must  be  reliable  and  inex¬ 
pensive  so  that  every  student  can 


have  one.  IPRE  will  keep  the  barrier 
to  entry  low  for  those  professors 
interested  in  trying  something  new. 

In  the  end,  robots  are  just  one  way 
to  introduce  more  students  to  pro¬ 
gramming  in  these  challenging  times 
for  computer  science  educators. 

Is  the  program's  introduction 
on  schedule?  At  this  time,  we 
are  on  schedule,  having  completed 
pilot  teaching  trials  at  Georgia  Tech 
and  Bryn  Mawr  in  spring  2007,  and 
moving  to  broader  teaching  trials 
starting  this  past  fall. 

How  about  the  expansion  to 
other  schools?  In  spring  2008, 
we  will  extend  the  reach  of  IPRE 
to  perform  teaching  trials  at  other 
schools  -  potentially  six  to  12,  but 
we  are  evaluating  the  appropriate 
number  and  approach.  We  are 
building  a  textbook  based  on  the 
curriculum  in  parallel  and  refining 
the  software  and  hardware.  We  will 
openly  publish  the  scientific  results 
of  the  effectiveness  of  the  technol¬ 
ogy  in  class  as  soon  as  possible 
through  regular  academic  channels 
(conferences  and  journals).  Assum¬ 
ing  the  scientific  results  prove  the 
utility  of  the  approach,  we  will  make 
the  technology  (hardware,  software 
and  curriculum)  broadly  available 
to  the  academic  community.  There 
would  be  little  point  in  pushing  a  so¬ 
lution  that  was  not  thoroughly  prov¬ 
en  to  be  effective  and  the  degree  of 
its  effectiveness  quantified,  so  that 
professors  can  evaluate  whether  the 
approach  is  right  for  them,  which 
we  certainly  hope.  This  is  a  central 
tenet  of  IPRE’s  approach. 

-JAMIE  ECKLE 
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Find  your  ideal  IT  job  through  IT  Careers 


For  additional  IT  positions,  search 
www.ITCareers.com, 
our  online  database  of 
over  20,000  jobs  each  month! 

it  careers 
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Project  Lead,  Metuchen,  NJ: 
Sunrise  Systems  a  software 
consulting/  development  com¬ 
pany  has  openings  for  exp'd 
professionals  to  design,  devel¬ 
op,  modify  financial  applica¬ 
tions  using  MVC  design  pat¬ 
terns,  MATLAB,  Web  Services, 
.Net  Technology,  SQL  Server. 
Upgrade/analyze/  manage 
data  upload  &  transformation 
of  customized  performance 
related  files  from  various 
sources  in  different  formats  like 
XML,  Delimited,  CSV  using 
SSIS,  DTS  for  optimizing  oper¬ 
ational  efficiency.  Assist  in  test 
process/work  with  end  users 
for  application  requirements. 
Supervise  Programmer 
Analyst.  We  offer  competitive 
salaries  &  professional  work 
environment.  For  immediate 
consideration  send  resume  to: 
Sunrise  Systems  Inc,  PO  Box 
513,  Metuchen,  NJ  08840, 
Attn:  HR-30  J 


Software  Engineer  positions. 
Competitive  salary.  40  hr/wk. 
Responsible  for  support  and 
programming  of  current  appli¬ 
cation  Acom3  in  Java. 
Additional  responsibilities 
include  application  develop¬ 
ment  using  leading  edge  tech¬ 
nology,  business  analysis  and 
customization  of  the  Acom3 
product  to  support  greater  effi¬ 
ciency  within  our  customers 
work  flow.  Environment  used 
Java  and  XML.  Require 
Bachelor's  degree  in  Computer 
Science  or  Management 
Information  Systems  and  five 
years  of  programming  experi¬ 
ence  in  JAVA  and  XML  environ¬ 
ment  or  will  accept  a  Master's 
degree  and  1  year  of  program¬ 
ming  experience  in  JAVA  and 
XML  environment.  Send 
resumes  and  proof  of  experi¬ 
ence  to  Actek,  Inc.,  2120  Data 
Drive,  Birmingham  AL  35244  or 
e-mail  to  personnel@actek- 
soft.com.  EOE. 


Labor 

Certification 

Ads 


Are  you 
an  individual, 
agency  or  law 
office  needing  to 
place  ads  to 
fulfill  legal 
requirements? 

Let  us  help 
you  put  together 
an  efficient,  cost- 
effective  program 
that  will  help  you 
place  your  ads 
quickly  and  easily. 


For  more  details, 
contact  us  at: 

800.762.2977 


IT 
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Programmer  Analyst  -Clairvoyant 
Techno  Solutions  Inc. 
Wilmington,  DE-Software  con¬ 
sulting  service  seeks  technical 
professionals  to  analyze, 
design,  develop,  code,  test  and 
implement  solutions  for  Web 
applications  and  Client  Server 
internal  applications  by  utilizing 
SAP  R/3,  ABAP  programming, 
Business  warehousing,  VB, 
ASP,  Rational  Rose.  Also  look¬ 
ing  for  professionals  to  utilize 
programming  skills  in  AS400, 
RPGLE,  CB2,  CLLE,  SQL/400, 
ILE-RPG,  CLLE,  RPG/400, 
DB2/400,  SQL  Server,  Mercury 
Test  Director,  relational  data¬ 
base  design,  and  data  model¬ 
ing.  Email  to:  careers@ctsit.com 


Comp  Consults  seeks  software 
engineer,  System  Analysts/ 
Administrator,  DBA  to  design  & 
develop  programs/applications 
using  Oracle,  Unix,  C/C++,  VB, 
Java,  J2EE,  EJB.  Require  MS  or 
BS  with  1-5yr  IT  exp.  Job  site  var¬ 
ious.  Please  send  resumes  to 
immg@compconsults.com. 

Teknest  seeks  S/W  engineers, 
system  analyst/administrators, 
DBA  to  customize  applications 
using  Java,  Oracle,  SAP  etc. 
Require  MS/BS  with  IT  exp. 
Travel  required.  Send  resumes  to 
32985  Hamilton  Ct,  #219, 
Farmington  Hills,  48334. 


Senior  Software  Engineer  need¬ 
ed  w/Bach  or  For.  equiv  in  CS  or 
Engg  or  Math  &  5  yrs  progressive 
work  exp  in  job  offd  or  closely 
related  occupation  to  research, 
dsgn,  dvlp  &  test  OS-level  s/ware 
using  Java,  C++,  EJB,  JDBC, 
XML,  XSD,  X-PATH,  XSLT,  XSD, 
CGI-  Perl,  ASP,  PL/SQL,  SQL  on 
Unix  platforms  using  SAP,  Oracle 
6.x,  7.x,  8.x,  9.x,  1 0,  MS  Access  & 
SQL  server  &  N/work  technolo¬ 
gies.  Participate  in  dsgng  frame¬ 
work  of  a  tech  infrastructure,  incl 
n/work,  platforms  &  servers, 
enterprise  enabling,  applic 
enabling,  security  &  operations 
mgmt.  Knowl  in  the  dvlpmt  of 
object  oriented  &  distributed  tech¬ 
nologies.  Provide  tech'l  support. 
Mail  res  to:  AIT  Global,  Inc,  228 
Rte  34,  Matawan,  NJ  07747.  Job 
loc:  Matawan,  NJ  or  any  unantici¬ 
pated  Iocs  in  US. 


Chevron  seeks  IT  Professional 
in  Houston,  TX.  BS  in 
Computer  Science,  MIS  or 
related  +  2yrs  exp  in  job  offered 
or  as  a  Computer  Analyst/ 
Server  Design.  Req'd  skills: 
Development  for  large-scale 
projects;  Microsoft  Active 
Directory  on  Windows 
2000/2003;  Microsoft  Exchange 
2003;  and,  Desktop  Operating 
Systems  (XP/W2K).  Mail 
resume:  Chevron,  1400  Smith 
St.  Houston,  TX  77002.  Attn:  Y. 
Vasquez.  Ref.  job  75. 


Programmer  Analyst  w/Bach  in 
Comp  Sci  or  Engr  or  Math  &  2  yrs 
exp  to  analyze,  dsgn,  dev,  test  & 
provide  production  support  for 
ERP  implmtn  projects  using 
Oracle  Applies.  Dsgn  solution 
using  Ebusiness  suite  of  Oracle 
Applies  -  CRM  Foundation, 
Customer  Data  Hub,  Sales 
Online  &  Installed  Base.  Dsgn 
docs  using  AIM  methodology. 
Dvlp  custom  code  using  Oracle, 
SQL,  PL/SQL,  Forms,  Reports, 
Discoverer,  Workflows  &  Toad. 
Write  complex  queries,  proce¬ 
dures  &  packages.  Write  test 
scripts  &  test  solutions.  2  yrs  exp 
as  Sr.  S/ware  Engr  acceptable. 
Mail  res  to:  Optima  Technology 
Partners,  Inc.  9  Mount  Pleasant 
Tpke,  Ste  103,  Denville,  NJ 
07834.  Job  Loc:  Denville,  NJ  or  in 
any  unanticipated  locations  in 
USA. 


Technautix  seeks  system  ana¬ 
lyst  (in  house)  to  customize 
applications  using  Java,  ASP, 
SQL,  PL/SQL,  HTML, 
JavaScript,  TOAD,  Business 
Objects  XIR2.  Please  send 
resume  to  1460  Walton  Blvd, 
#80,  Rochester  Hills,  Ml  48309. 

Inteliops  seeks  IT  analyst/engi¬ 
neers  to  customize  applications 
using  special  tools  per  project 
requirements.  Require  MS  or  BS 
with  IT  exp.  Travel  required. 
Please  send  resumes  to  30401 
Via  Chico  Place,  Laguna  Niguel, 
CA  92677 


IT  Professionals  and  Managers 

Multivision,  Inc.  an  established 
and  expanding  IT  consulting 
company  with  headquarters  in 
Fairfax,  VA  is  searching  for 
qualified  IT  Professionals  (i.e., 
Software  Consultants,  Software 
Engineers,  Programmer/ 
Analysts,  Systems  Analysts) 
and  Information  Systems  and 
Project  Managers.  Most  techni¬ 
cal  positions  require  a  bache¬ 
lor's  degree  in  computer  sci¬ 
ence,  engineering  or  a  related 
field  and/or  relevant  industry 
experience.  Desired  skills 
include:  ERP/CRM:  Oracle 

Applications,  Web  Methods, 
Siebel,  SAP,  ABAP,  People 
Soft;  TIBCO,  Informatica,  Ab- 
Initio,  Data  Staging,  Quality 
Analysts,  Business  Analysts, 
Databases  such  as  Oracle, 
SQL  Server  &  DB2  Languages, 
PL/SQL;  J2EE  technologies, 
Java,  EJB,  Servlets,  JSP, 
JDBC,  XML,  C,  C#,  .NET 
Framework,  C++,  development 
tools  such  as  Visual  Basic, 
CICS,  Mainframes,  AS/400  and 
various  Web  technologies  and 
application  servers.  For  our 
Information  Systems  and 
Project  Manager  positions  we 
prefer  a  MS  degree  in  related 
fields  such  as  computer  sci¬ 
ence  or  engineering  and  rele¬ 
vant  industry  experience.  We 
will  consider  applicants  with  a 
relevant  bachelor's  degree  and 
significant  industry  experience 
for  these  positions. 

Positions  may  require  reloca¬ 
tion  to  various  client  sites 
throughout  the  United  States. 
Qualified  applicants  submit 
resumes  to  HR  Department, 
Mutivision,  Inc.,  10565  Fairfax 
Blvd.  Suite  #301,  Fairfax,  VA 
22030. 


Systems  Administrator  w/2  yrs 
exp  to  install,  maintain,  trou¬ 
bleshoot  &  provide  tech  support 
&  performance  tuning  on  Sun 
Hardware,  Sun  Solaris  OS, 
Linux  (Red  Hat),  Veritas  Cluster, 
Veritas  Volume  Manager  for  high 
availability  systems.  Monitor 
applies,  perform  system  back¬ 
ups  &  restores  from  tapes 
through  Veritas  Netbackup  & 
Solaris.  Write  Perl,  Shell  Scripts 
for  monitoring  &  system  admin 
purpose.  Mail  res  to:  Algomod 
Technologies  Corp,  116  John  St, 
Ste  1406,  NY,  NY  10038.  Job 
Loc:  NYC  or  in  any  unanticipat¬ 
ed  Iocs  in  USA 


JANUARY  21,  2008  C0MPUTERW0RLD 


Shark  lank 

TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY 


Password-Protected 

Pilot  fish  creates  an  account 
for  a  new  user,  who  tells 
fish  that  he  has  a  hard  time 
remembering  things  like 
usernames  and  passwords. 

“I  suggested  that  he  could 
write  it  on  a  small  piece  of 
paper  until  he  memorized  it, 
then  destroy  it,”  says  fish.  “I 
emphasized  that  he  shouldn’t 
write  any  other  information 
on  the  paper  in  case  he  lost 
it,  comparing  it  to  writing 
your  PIN  on  your  ATM  card. 
He  reached  in  his  wallet  and 
pulled  out  his  ATM  card  and 
said,  ‘Like  this?’  ” 

Numbers  Game 

This  programming  team  is 
converting  an  application  for 
a  Beltway  company  that’s  so 


■  COMPANIES 
IN  THIS  ISSUE 

Page  number  refers  to  page  on  which 
story  begins.  Company  names  can  also 
be  searched  at  computerworld.com 
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security-conscious,  develop¬ 
ers  aren’t  even  allowed  to 
choose  their  own  passwords. 
“We  were  assigned  pass¬ 
words,  which  we  had  no 
authority  to  change,”  reports 
a  pilot  fish  there.  And  despite 
many  good  password  rules, 
such  as  no  more  than  two 
repetitions  of  a  character  in  a 
row,  what  is  fish’s  password? 
His  birthday.  Sighs  fish, 
“Since  I  was  born  on  Nov.  11, 
the  first  six  digits  of  my  pass¬ 
word  were  111119. 1  doubt  that 
would  pass  any  company’s 
security  rules  for  passwords.” 

It’s  Only  Dumb 
If  You  Don’t  Ask 

User  needs  VPN  access,  and 
this  pilot  fish  sets  it  up,  com¬ 
plete  with  a  password  that 


Heidrick  &  Struggles  International  Inc . 31. 32 

Hewlett-Packard  Co .  22.26,44 

Hubspan  Inc . 17 

IBM .  6,8,22.26.30,32.44 
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Information  Technology . 40 
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Applications  Users  Group . 16 
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Opera  Software  ASA . 10 

Oracle  Corp . 6,16.44 
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mixes  digits  with  lowercase 
and  capital  letters.  And  fish 
wants  to  make  sure  user  un¬ 
derstands  that  this  password 
is  case-sensitive;  to  empha¬ 
size  the  capital  letters,  in  his 
e-mail  with  the  password,  fish 
makes  those  characters  both 
bold  and  underlined.  Reply 
from  user:  “Thanks  for  help¬ 
ing  me  out  yesterday.  I’ve  set 
up  the  VPN  connection,  but 
I  can’t  get  in.  Probably  be¬ 
cause  of  the  password’s  for¬ 
matting.  My  (possibly  dumb) 
question:  How  do  I  activate 
underlining  of  the  letters  in 
the  password?” 

There’s  Always 
A  Reason 

Senior  sales  exec  calls  this 
IT  boss  pilot  fish  to  complain 
that  he  only  receives  e-mail 
from  the  company  president 
when  someone  sends  a  “reply 
to  all”  message.  How  bad 
is  the  situation?  “He  claims 
he  hasn’t  received  an  e-mail 
from  the  president  for  some 
time,  and  that  ‘it  is  imperative 


QIP  Holder  LLC . 30,32 

Quiznos . 30. 32 
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this  get  fixed  immediately,’  ” 
says  fish,  who  checks  into 
it  posthaste.  “Inspection  of 
his  e-mail  settings  shows, 
first,  junk  filtering  set  to  High; 
second,  the  president’s  e-mail 
address  flagged  as  a  ‘sus¬ 
pected  junk  sender’;  and  last 
but  certainly  not  least,  all  sus¬ 
pected  junk  mail  to  be  imme¬ 
diately  deleted.  Can’t  imagine 
why  he  never  received  any  of 
the  president’s  mail.” 

■  Sharky  will  never  auto¬ 
matically  delete  anything 
from  you  —  especially  if  that 
e-mail  message  happens  to 
be  your  true  tale  of  IT  life. 
Send  it  to  me  at  sharky@ 
computerworld.com.  You 
get  a  sharp  Shark  shirt  if 
I  use  it. 


O  TIRED  OF  BUNGLING  BOSSES 

and  clueless  co-workers? 

Swim  on  over  to  Shark  Bait 
and  share  your  tales  of  woe. 

sharkbait.computerworld.com. 

O  CHECK  OUT  Sharky's  blog,  browse  the 
Sharkives  and  sign  up  for  Shark  Tank  home 
delivery  at  computerworld.com/sharky 
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H  FRANKLY  SPEAKING 

Frank  Hayes 

Good  Deals 


EMEMBER  WHEN  Oracle  was  a  database  vendor 
and  Sun  Microsystems  sold  workstations?  Yes,  you 
can  still  buy  Oracle  llg  or  a  Sun  Ultra.  But  last 
week’s  big  deals  —  Oracle’s  $8.5  billion  buyout  of 
BEA  Systems  and  Sun’s  $1  billion  deal  for  MySQL  —  remind  us 
that  the  days  when  vendors  fit  into  tidy  niches  are  long  gone. 
They  should  remind  us  of  something  more  fundamental,  too. 


On  the  surface,  both 
deals  just  look  like  more 
IT  industry  consolida¬ 
tion.  In  Sun/MySQL,  Sun 
gets  the  open-source  da¬ 
tabase  it’s  been  hunting 
for  since  early  2005,  plus 
some  10  million  custom¬ 
ers,  20%  of  whom  al¬ 
ready  use  Sun  hardware. 
MySQL  gets  funding 
to  grow.  And  potential 
MySQL  customers  get  a 
big  vendor  to  stand  be¬ 
hind  the  product. 

In  Oracle/BEA,  Oracle 
gets  BEA’s  customers  and 
revenue.  BEA’s  customers 
get  to  be  friends  with  all 
those  PeopleSoft,  Siebel 
and  J.D.  Edwards  cus¬ 
tomers  they’ll  share  the 
corral  with.  BEA  itself 
gets  an  end  to  its  head- 
scratching  search  for  an 
identity.  (It’s  a  transac¬ 
tion  processing  company! 
It’s  an  application  server 
company!  It’s  a  service- 
oriented  architecture 
company!) 

But  there’s  something 
else  going  on  here  — 


something  very  good  for 
corporate  IT. 

It  wasn’t  that  long  ago 
when  both  Oracle  and 
Sun  made  parts.  Sure, 
they  were  best-of-breed 
parts,  and  you  could  use 
them  in  assembling  one 
heck  of  a  data  center.  But 
you  needed  lots  of  other 
parts  too,  from  lots  of 
other  vendors.  Putting 
them  together  was  lots  of 
work.  And  when  things 
went  wrong,  there  was 
lots  of  finger-pointing. 

If,  instead,  you  wanted 
the  whole  stack,  you  went 
to  IBM.  OK,  or  maybe 
DEC  or  HP  or  Unisys.  But 
IBM  dominated  the  data 
center,  and  it  had  since 
the  days  when  “data  proc¬ 
essing”  meant  running 
cartloads  of  punch  cards 
through  collating  and 

■  Customer 
data  is  not  just  the 
center  of  IT;  it’s 
the  center  of  your 
whole  business. 


tabulating  machines. 

Those  punch  cards 
held  customer  data,  and 
that  data  was  at  the  cen¬ 
ter  of  the  company’s  in¬ 
formation  infrastructure. 

Fast-forward  through 
tape  and  drum  and  disk 
storage,  through  main¬ 
frames  and  clusters  and 
server  farms,  through 
proprietary  networks  and 
intranets,  through  paper 
reports  and  terminals 
and  PCs  —  and  customer 
data  is  still  at  the  center 
of  your  company’s  infor¬ 
mation  infrastructure. 

It’s  not  just  the  center  of 
IT;  it’s  the  center  of  your 
whole  business. 

Oracle  figured  that  out 
a  few  years  ago  —  that 
a  database  alone  isn’t 
enough.  That’s  why 
Oracle  has  been  acquir¬ 
ing  all  those  enterprise 
applications,  building  out 
from  the  customer  data 
at  the  center.  BEA  pushes 
things  just  a  little  farther. 

For  Sun’s  part,  it  start¬ 
ed  with  networking  (re¬ 


member  “The  Network  is 
the  Computer”?)  and  then 
added  Java  to  build  out  in 
the  application  direction. 
With  MySQL,  Sun  can  fi¬ 
nally  reach  all  the  way  in 
to  support  customer  data. 

See  what  they’re 
doing?  Oracle  and  Sun 
now  know  that  making 
parts  isn’t  enough.  Sure, 
they  want  to  grow  and 
expand  their  revenues 
and  customer  bases.  But 
more  than  that,  they 
want  to  cover  everything 
between  that  critical 
customer  data  and  the 
people  who’ll  use  it  to  do 
business. 

They’ll  cover  that  stack 
differently  from  each 
other,  and  differently  still 
from  IBM,  HP,  Microsoft 
and  other  enterprise  ven¬ 
dors.  And  each  different 
approach  means  more 
choices  available  for  us. 

That’s  good  to  know. 
And  this  is  good  to  re¬ 
member:  What  IT  does 
is  still  all  about  customer 
data.  Not  algorithms, 
not  protocols,  not  dandy 
hardware  or  gee-whiz 
software.  They’re  all 
important,  but  in  the 
end,  what  the  business 
depends  on  IT  for  is  that 
customer  data  at  the 
center. 

Oracle  and  Sun  won’t 
forget  that.  We  shouldn’t 
either.  ■ 

Frank  Hayes  is  Computer- 
world’s  senior  news 
columnist.  Contact  him 
at  frank_hayes@ 
computerworld.com. 
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